[Samba] ntlm_auth and SMBv2/v3

Lulzim KELMENI lkelmeni at mairie-saint-ouen.fr
Tue Oct 17 12:52:51 UTC 2017


 

Hello Andrew, 

Do you plan to release the patch for the "ntlm auth = mschapv2-only"
option soon?
We need this in order to use freeradius in a "more safe" scenario than
with "ntlm auth = yes".

Best regards,

Lulzim KELMENI
Direction des Systèmes d'Information
Mairie de Saint-Ouen

On 08/06/2017 21:36, Andrew Bartlett via samba wrote:

> On Thu, 2017-06-08 at 15:30 +0200, L.P.H. van Belle via samba wrote:
>
>> Hai, Please keep it mailing to the list, this way it shows up for
>> others also. A workaround for disabling SMBv1, you can make your server
>> less secure but that's not what I would do. Setting these to enable NTLM
>> v1 again. lanman auth = yes
>
> NEVER set this.
>
>> ntlm auth = yes
>
> This enables NTLMv1. To be clear, this isn't related to SMBv1. This
> is the only change required to re-enable MSCHAPv2. I plan to create a
> ntlm auth = mschapv2-only option (indeed I have been given such a
> patch) but I need to finish the test.
> raw NTLMv2 aut
>
>> n networks.
> I'm menti
> cause Samba folklore grows so quickly, and folks rapidly
> paste in whatever setting they find, even if they reduce security
> dramatically.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/ [1]
> Authentication Developer, Samba Team http://samba.org [2]
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba [3]
 

Links:
------
[1] http://samba.org/~abartlet/
[2] http://samba.org
[3] http://catalyst.net.nz/services/samba
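
An added example, not part of the original message and not Samba code: a small Python check that reports where an smb.conf ends up with the two settings the quoted reply warns about, `lanman auth = yes` and `ntlm auth = yes`. The function name, the sample configuration and the parsing rules (names compared without case or whitespace, `yes`/`true`/`on`/`1` read as true, a later assignment overriding an earlier one) are this example's assumptions.

```python
import re

# Settings called out in the quoted reply, keyed by normalised parameter name.
WEAK = {
    "lanmanauth": "LANMAN authentication enabled (the reply says NEVER set this)",
    "ntlmauth": "NTLMv1 enabled",
}
TRUE_VALUES = {"yes", "true", "on", "1"}  # assumed spellings Samba reads as true


def audit_smb_conf(text):
    """Return sorted (line, section, parameter, reason) for weak settings in effect."""
    effective = {}  # (section, parameter) -> (line, value); a later assignment wins
    section, pending, start = None, "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = number               # first physical line of this logical line
        line = pending + raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        name, sep, value = line.partition("=")
        key = re.sub(r"\s+", "", name).lower()
        if sep and key in WEAK:
            effective[(section, key)] = (start, value.strip().lower())
    return sorted(
        (line, sect, key, WEAK[key])
        for (sect, key), (line, value) in effective.items()
        if value in TRUE_VALUES
    )


# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    ; lanman auth = yes
    Lanman  Auth = Yes
    ntlm auth = no
    ntlm auth = \\
        yes
"""

if __name__ == "__main__":
    for line, sect, key, reason in audit_smb_conf(SAMPLE):
        print(f"line {line} [{sect}] {key}: {reason}")
```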

