[Samba] Samba 4.14.5 NTLMv1
Rowland Penny
rpenny at samba.org
Tue Jan 18 14:35:39 UTC 2022
On Tue, 2022-01-18 at 15:18 +0100, Eric Lehmann via samba wrote:
> Hello
>
> After updating my machine to samba 4.14.5 it is not possible to
> authenticate using NLTMv1. The clients are proprietary control / PLC
> units
> where I am not able to change anything.
>
> I figured out that there must be something with a missing domain /
> workgroup during the authentication process.
>
> Example, workgroup before DOMAIN-USER is empty:
>
> check_ntlm_password: Checking password for unmapped user []\[
> DOMAIN-USER
> ]@[m194940] with the new password interface
>
> I can connect the same user from the machines smbclient: smbclient
> //xx/xx
> -mNT1 -U DOMAIN-USER
>
> The smbclient attempts to connect with "passwordType": "NTLMv2". This
> works, but NTLMv1 fails.
>
> Also, wbinfo succeeded: wbinfo -a DOMAINUSER%password --ntlmv1
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> Is there any way to tell samba using the domain/workgroup as a
> default?
>
> Some smb.conf:
>
> [global]
> kerberos method = secrets and keytab
> template homedir = /home/%U@%D
> workgroup = WORKGROUP
> server min protocol = NT1
> client min protocol = NT1
> template shell = /bin/bash
> template homedir = /home/%U
> security = ads
> realm = WORKGROUP.INTERN
> ntlm auth = yes
> lanman auth = yes
If that is the entire [global] section of your smb.conf , where are the
'idmap config' lines ?
Rowland
More information about the samba
mailing list