[Samba] "lanman auth" question

Andrew Bartlett abartlet at samba.org
Sat Oct 14 06:26:41 UTC 2017


On Tue, 2017-10-03 at 11:26 -0700, ToddAndMargo via samba wrote:
> On 10/03/2017 05:57 AM, Gaiseric Vandal via samba wrote:
> > How old is the scanner ?   Did you check for a firmware update for 
> > it?    NTLM has been around for so long that it is hard to imagine 
> > anything that has to have LANMAN support.
> 
> I called Xerox tech support and their answer was it
> was out of support.  It is probably seven years old.
> It was an expensive scanner, not one of those new
> fangled fall apart in two years scanners.  It is working
> very well still.
> 
> I can not see the scanner catching WannaCry.  My main
> concern was the ramifications to Samba of leaving
> Lanman activated.

I'm pretty sure it won't be using Lanman authentication.  It will be
using NTLM or NTLMv2.  

The weakness of allowing lanaman auth is that the passwords are easily
broken (trivially with some CPU) due to being upper-cased and
restricted to 14 chars, of which each 7 can be broken independently. 
NTLM is not much more, 100 USD and 24 hours of cloud time was quoted to
me two years ago in a kiwicon presentation. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list