[Samba] NTLM auth, better on a DC or on a DM?

Rowland Penny rpenny at samba.org
Mon Sep 10 14:53:56 UTC 2018

On Mon, 10 Sep 2018 10:05:32 -0400
Gaiseric Vandal via samba <samba at lists.samba.org> wrote:

> Would squid and freeradius support LDAP authentication with AD ?   I 
> don't know if you are using NTLM or NTLMv2.

Yes, they both support ldap authentication, this is why, even though by
default NTLMv1 is now turned off, there is an option to turn it on for
this very reason: mschapv2-and-ntlmv2-only

Reading the man page has this:

mschapv2-and-ntlmv2-only - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the ntlm_auth


More information about the samba mailing list