[Samba] ntlm_auth and SMBv2/v3
Lulzim KELMENI
lkelmeni at mairie-saint-ouen.fr
Tue Oct 17 12:52:51 UTC 2017
Hello Andrew,
Do you plan to release the patch for "ntlm auth =
mschapv2-only" option soon ?
We need this on order to use freeradius in
a "more safe" scenario than with "ntlm auth = yes"
Best
Regard,
Lulzim KELMENI
Direction des Systèmes d'Information
Mairie de
Saint-Ouen
Le 08/06/2017 21:36, Andrew Bartlett via samba a écrit :
>
On Thu, 2017-06-08 at 15:30 +0200, L.P.H. van Belle via samba wrote:
>
>> hai, Please keep it mailing to the list, this way is shows up of
others also. A workaround for disabling SMBv1, you can make your server
less secure but thats not what i would do. Setting these to enable NTLM
v1 again. lanman auth = yes
>
> NEVER set this.
>
>> ntlm auth = yes
>
> This enables NTLMv1. To be clear, this isn't related to SMBv1. This
>
is the only change required to re-enable MSCHAPv2. I plan to create a
>
ntlm auth = mschapv2-only option (indeed I have been given such a
>
patch) but I need to finish the test.
> raw NTLMv2 aut
>
>> n networks.
I'm menti
> cause Samba folklore grows so quickly, and folks rapidly
paste in whatever setting they find, even if they reduce security
dramatically. Thanks, Andrew Bartlett -- Andrew Bartlett
http://samba.org/~abartlet/ [1] Authentication Developer, Samba Team
http://samba.org [2] Samba Developer, Catalyst IT
http://catalyst.net.nz/services/samba [3]
Links:
------
[1]
http://samba.org/~abartlet/
[2] http://samba.org
[3]
http://catalyst.net.nz/services/samba
More information about the samba
mailing list