[Samba] ntlm_auth and SMBv2/v3
arniekol at gmail.com
Tue Oct 17 14:34:01 UTC 2017
I think something needs to happen on this. The guys at freeradius are
pushing this back as a samba issue.
I know of some commercial radius vendors who have done mschapv2 over DCERPC
over tcp135 and higher ports rather than using ntlm. Not entirely sure of
On 17 Oct 2017 2:10 pm, "Lulzim KELMENI via samba" <samba at lists.samba.org>
> Hello Andrew,
> Do you plan to release the patch for "ntlm auth =
> mschapv2-only" option soon?
> We need this in order to use freeradius in
> a "more safe" scenario than with "ntlm auth = yes"
> Lulzim KELMENI
> Direction des Systèmes d'Information
> Mairie de
> On 08/06/2017 21:36, Andrew Bartlett via samba wrote:
> On Thu, 2017-06-08 at 15:30 +0200, L.P.H. van Belle via samba wrote:
> >> hai, Please keep it mailing to the list, this way it shows up for
> >> others also. A workaround for disabling SMBv1, you can make your server
> >> less secure but that's not what I would do. Setting these to enable NTLM
> >> v1 again.
> >> lanman auth = yes
> > NEVER set this.
> >> ntlm auth = yes
> > This enables NTLMv1. To be clear, this isn't related to SMBv1. This
> > is the only change required to re-enable MSCHAPv2. I plan to create a
> > ntlm auth = mschapv2-only option (indeed I have been given such a
> > patch) but I need to finish the test.
> > raw NTLMv2 aut
> >> n networks.
> I'm menti
> > cause Samba folklore grows so quickly, and folks rapidly
> > paste in whatever setting they find, even if they reduce security
> > dramatically.
> > Thanks,
> > Andrew Bartlett
> > --
> > Andrew Bartlett  http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT  http://catalyst.net.nz/services/samba
>  http://samba.org
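An added example, not part of the thread or of Samba's own code: a small check that flags the two settings warned about above (`lanman auth = yes` and `ntlm auth = yes`) in the `[global]` section of an smb.conf. The function names and the sample configuration are constructed for illustration; the check assumes the last assignment of a parameter wins and does not follow include files or line continuations.

```python
import re

# Boolean spellings smb.conf accepts for "yes" (compared case-insensitively).
TRUTHY = {"yes", "true", "1"}

# Settings called out in the thread above; keys are parameter names with
# whitespace removed and lowercased, since smb.conf ignores both in names.
RISKY = {
    "lanmanauth": "lanman auth = yes ('NEVER set this')",
    "ntlmauth": "ntlm auth = yes (enables NTLMv1)",
}

def parse_global(text):
    """Return {normalized_name: (value, line_no)} for the [global] section."""
    settings, section = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:                                  # section header
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)       # only the first '=' is significant
        key = re.sub(r"\s+", "", name).lower()
        settings[key] = (value.strip(), no)    # assumption: last assignment wins
    return settings

def audit(text):
    """Return sorted (line_no, message) findings for risky auth settings."""
    return sorted(
        (no, RISKY[key])
        for key, (value, no) in parse_global(text).items()
        if key in RISKY and value.lower() in TRUTHY
    )

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    # ntlm auth = yes   (commented out, ignored)
    NTLM Auth = Yes
    lanman auth = no
[share]
    path = /srv/share
"""

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```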