[Samba] Remove LanMan auth from the AD DC and possibly file server?

Jeremy Allison jra at samba.org
Mon Feb 7 17:17:16 UTC 2022

On Mon, Feb 07, 2022 at 06:06:34PM +0100, Björn JACKE wrote:
>On 2022-01-27 at 07:00 +1300 Andrew Bartlett via samba-technical sent off:
>> No, you got my meaning perfectly.  Even for Win9X there is, from
>> memory, some strange update to make it do 'raw NTLMv2', instead of LM.
>> I really think we should be able to ditch this, ideally across the
>> codebase but certainly in the AD DC, in 2022.
>okay, with the AD DC I agree, I think we can remove it there.
>For local SAM's users I would vote to keep LM hashes supported until we ditch
>SMB1 anyway in the not so far future. There are really still people relying on

Only if this is easy to do in refactoring. If it's going to
be hard to keep them, I vote to remove them and ask such
users to go to guest authentication.

At this point there's no difference in security between
LM hashes and guest authentication.

More information about the samba mailing list