[Samba] Remove LanMan auth from the AD DC and possibly file server?

Andrew Bartlett abartlet at samba.org
Wed Jan 26 18:02:01 UTC 2022

On Wed, 2022-01-26 at 13:35 +0100, Andrea Venturoli via samba wrote:
> On 1/26/22 04:50, Andrew Bartlett via samba wrote:
> > What do folks think?
> Has this something to do with "server min protocol = NT1"?
> If the answer is yes...
> Normally I would say, go ahead!
> However, I have more than one customer with some MFP printers that
> will 
> drop scanned documents onto an SMB share and refuse to work with
> recent 
> security standards.
> As much as I'd like to see these legacy wagons go away, that's not
> going 
> to happen any time soon.
> Normally I'd just drop SMB completely and configure SMTP instead,
> but 
> this isn't always possible or desired by the customer.
> If answer is no, please ignore the noise.

No, server min protocol = NT1 will still work, provided the device
supports NTLM authentication or better, just not the old LanMan used by
the likes of Win9X, Win3.11, DOS and OS/2.  

This has been disabled by default for a very long time.

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list