[Samba] ntlm_auth and SMBv2/v3

Lulzim KELMENI lkelmeni at mairie-saint-ouen.fr
Tue Oct 17 12:52:51 UTC 2017


Hello Andrew, 

Do you plan to release the patch for "ntlm auth =
mschapv2-only" option soon ? 
We need this on order to use freeradius in
a "more safe" scenario than with "ntlm auth = yes" 


Direction des Systèmes d'Information
Mairie de

Le 08/06/2017 21:36, Andrew Bartlett via samba a écrit : 

On Thu, 2017-06-08 at 15:30 +0200, L.P.H. van Belle via samba wrote:

>> hai, Please keep it mailing to the list, this way is shows up of
others also. A workaround for disabling SMBv1, you can make your server
less secure but thats not what i would do. Setting these to enable NTLM
v1 again. lanman auth = yes
> NEVER set this.
>> ntlm auth = yes

> This enables NTLMv1. To be clear, this isn't related to SMBv1. This
is the only change required to re-enable MSCHAPv2. I plan to create a
ntlm auth = mschapv2-only option (indeed I have been given such a
patch) but I need to finish the test.
> raw NTLMv2 aut
>> n networks.
I'm menti
> cause Samba folklore grows so quickly, and folks rapidly
paste in whatever setting they find, even if they reduce security
dramatically. Thanks, Andrew Bartlett -- Andrew Bartlett
http://samba.org/~abartlet/ [1] Authentication Developer, Samba Team
http://samba.org [2] Samba Developer, Catalyst IT
http://catalyst.net.nz/services/samba [3]

[2] http://samba.org

More information about the samba mailing list