[Samba] Remove LanMan auth from the AD DC and possibly file server?
abartlet at samba.org
Wed Jan 26 18:02:01 UTC 2022
On Wed, 2022-01-26 at 13:35 +0100, Andrea Venturoli via samba wrote:
> On 1/26/22 04:50, Andrew Bartlett via samba wrote:
> > What do folks think?
> Has this something to do with "server min protocol = NT1"?
> If the answer is yes...
> Normally I would say, go ahead!
> However, I have more than one customer with some MFP printers that
> drop scanned documents onto an SMB share and refuse to work with
> security standards.
> As much as I'd like to see these legacy wagons go away, that's not
> to happen any time soon.
> Normally I'd just drop SMB completely and configure SMTP instead,
> this isn't always possible or desired by the customer.
> If answer is no, please ignore the noise.
No, server min protocol = NT1 will still work, provided the device
supports NTLM authentication or better, just not the old LanMan used by
the likes of Win9X, Win3.11, DOS and OS/2.
This has been disabled by default for a very long time.
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
More information about the samba