[Samba] freeradius + NTLM + samba AD 4.5.x

Rowland Penny rpenny at samba.org
Mon Mar 26 12:37:23 UTC 2018

On Mon, 26 Mar 2018 14:06:24 +0200
"Dr. Peer-Joachim Koch via samba" <samba at lists.samba.org> wrote:

> Hi,
> we have updated our samba AD domain from 4.4.x to 4.5.x.
> The release notes for 4.5.0 included  "NTLMv1 authentication disabled
> by default".
> So we had to enable it to get our radius (freeradius) server working 
> (for 802.1x).

You would probably be better off asking freeradius.

> What would be the best way to change the freeradius configuration in 
> such a way,
> that we can disable NTLMv1 again.
> The radius server is used for WLAN (802.1x) and for VPN.
> How insecure is NTLMv1 ?

Have you ever heard of 'wannacry' ? or to put it another way 'VERY


More information about the samba mailing list