[Samba] "lanman auth" question

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Oct 3 12:57:12 UTC 2017 

How old is the scanner ?   Did you check for a firmware update for 
it?    NTLM has been around for so long that it is hard to imagine 
anything that has to have LANMAN support.

On 10/02/17 19:08, ToddAndMargo via samba wrote:
>> On 10/02/17 17:16, ToddAndMargo via samba wrote:
>>> Hi All,
>>>
>>> Server:
>>>    Fedora 26
>>>    samba-4.6.8-0.fc26.x86_64
>>>
>>> Workstations (5 of them):
>>>    XP Pro SP3
>>>
>>>
>>> I set all five of my customer XP workstations to
>>>
>>> Send NTLMv2 response only\\refuse LM and NTLM
>>>
>>> and turned off (smb.conf)
>>>
>>>   lanman auth = yes
>>>   ntlm auth = yes
>>>
>>> And had to turn it right back on as the customer's
>>> Xerox Workcentre 3550 multifunction printer scanner
>>> requires it
>>>
>>> What are the security ramification to Samba?
>>>
>>> Many thanks,
>>> -T
>>> Tony Ewell, B.S.E.E.
>>> Owner, Rent-A-Nerd Computer Services
>>> 775-265-5150,  9:00 am to 5:00 pm PST/PDT
>>>
>>>
>>> Error from the scanner:
>>>
>>> Destination 1      : Status....Failed
>>> Status Details     : username or password is wrong
>>> Friendly Name      : WorkCenter
>>> Server Name        : 192.168.255.12
>>> Path               : scans
>>> Protocol           : SMB
>>> Filing Policy      : CHANGENAME
>>> Document Name      : 1
>
> On 10/02/2017 03:49 PM, Gaiseric Vandal via samba wrote:
> > lanman should always be disabled.  use "testparm -v" to make sure the
> > settings are applied as you expect.  With different samba versions, the
> > defaults may change.
> >
> > I don't think you can disable ntlmv1 but leave ntlmv2 enabled.  I could
> > be wrong.          NTLMv2 is stronger.     And I think clients will
> > negotiate the strongest common protocol.      If you are in a small
> > network where you can see what is getting added, and you are using
> > ethernet switches (not ethernet hubs) to minimize packet capture, you
> > should be OK.     (unless you are designing the next stealth
> > fighter.)     Best practices would dictate NTLMv2 if possible.
> >
> >
> > I would try disabling lanman, leaving ntlm enabled and see if the xerox
> > works.
>
> If I disable (as I did), then the scanner won't save to smb.
> So, I am stuck with it.
>
>

More information about the samba mailing list