[Samba] How to disable NTLM authentication on Samba

[Reinaldo Souza Gomes]

 Forgive me if I have misundertood your words, but what I want is to prevent Samba from accepting NTLM(v1, v2, SSP, or whatever) and forwarding it, since SSSD does not support it. I am not trying to get SSSD to support any kind of NTLM. So, this would be a Samba issue, not SSSD's. Isn't that correct?
Putting it in another words: what can I do (preferrably on the Samba server) to prevent windows clients from successfully sending NTLM authentication to my Samba server?    Em quarta-feira, 10 de outubro de 2018 16:29:28 BRT, Rowland Penny via samba <samba at lists.samba.org> escreveu:  
 
 On Wed, 10 Oct 2018 18:50:23 +0000 (UTC)
Reinaldo Souza Gomes via samba <samba at lists.samba.org> wrote:

> 
> How can I make sure that NTLM(SSP) will never be used??
> 
> I’ve set up Samba with SSSD and everything Works fine... except for a
> few Windows machines which every now and then happen to send NTLM
> authentication flags to the Samba server, which happily forwards
> them. And then the authentication fails because SSSD doesn’t support
> NTLM.
> 
> I’ve tried all sorts of parameters combination on smb.conf (including
> "ntlm auth = disabled"), but I didn’t find a way to completely refuse
> NTLM authentication on the Samba server, and force the client to use
> another authentication method (kerberos).

You will have to ask the sssd-users mailing list, you are not using
Samba for authentication.

sssd isn't a Samba product.

Samba by default no longer uses NTLMv1

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba