[Samba] NTLMSSP Sign/Seal - using NTLM1

Vincent techburgher at gmail.com
Thu Aug 24 14:32:42 UTC 2023 

So, curiously, it *appears* the following may have sped up the mount:

   -

   Manually modified the smb.conf file, where the following changes were
   made: Added:
   -

      client NTLMv2 auth = yes
      -

      client min protocol = SMB2_02
      -

   From a Linux client, performed a cifs mount, forcing the following
   parameters (ntlmssp,vers=3.0)

Unfortunately, connections from a Windows client are still slow. I am not
sure if it is possible to make a comparable "mount", from Windows, similar
to the one performed on the Linux client.

On Tue, Jul 11, 2023 at 3:49 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 10/07/2023 22:15, Vincent via samba wrote:
> > Samba is running on SUSE Linux Enterprise High Performance Computing,
> > kernel 5.3.18-22-default.
> >
> > Yes, it is a domain member, but there are no ancillary services of which
> I
> > am aware.
> >
> > The smb.conf is as follows:
> >
> > [global]
> >          clustering = Yes
> >          getwd cache = No
> >          kernel change notify = No
> >          max log size = 100000
> >          netbios name = TEST-SMB
> >          realm = TEST.COM
> >          security = ADS
> >          server min protocol = SMB2_02
> >          server string = "TEST-SMB"
> >          workgroup = TESTNET
> >          idmap config * : range = 4290000001-4291000000
> >          idmap config abbvienet : unix_nss_info = yes
> >          idmap config abbvienet : unix_primary_group = yes
> >          idmap config abbvienet : schema_mode = rfc2307
> >          idmap config abbvienet : range = 0-4290000000
> >          idmap config abbvienet : backend = ad
> >          idmap config * : backend = autorid
> >          allocation roundup size = 0
> >          kernel share modes = No
> >          posix locking = No
> >          read only = No
> >          veto files = /.snapshots/
> >
>
> Is this part of a cluster ?
> If it is, I would have expected to see more 'cluster' related
> parameters, but I am no cluster expert.
>
> Is the workgroup actually 'TESTNET', or is that just a placeholder for '
> ABBVINET' ?
> If your workgroup is really 'ABBVINET', then why are you using both the
> 'autorid' and 'ad' idmap backends ?
>
> If you only want to use the SMBv2 protocol as a minimum, I would also
> set 'client min protocol = SMB2_02', with that set, SMBv1 will not be used.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list