similar to: NTLMv2 in Sun's 'official' Samba 3.0.37?

Hi list. I've been running up against a bunch of ntlm v2 related issues recently with Windows 7 and Mac OS X 10.6 client systems attempting to connect to my Solaris 10 samba 3.0.37 server. As it turns out, Sun engineering suggest that because I use "security = SERVER" rather than "security = DOMAIN", ntlmv2 auth will never actually work, even if I have settings such as:

Hello, i set up a squid proxy that should authenticate users against a samba PDC using winbind. It works fine as long i allow ntlmv1: on the PDC: ntlm auth = yes lanman auth = no client ntlmv2 auth = yes If i restrict the domains authentication method to ntlmv2 - that's what i want - with these settings: ntlm auth = no lanman auth = no client

Hi folks, I've been testing out Windows Vista Enterprise today. It defaults to only using NTLMV2 authentication. I'm testing with Samba 3.0.23d running on Sparc/Solaris 8. Samba is configured with security = domain The password server is a Windows Server 2003 domain controller. I've joined Samba to the domain. I simply can't get Vista to connect unless I change its security

Hi Thanks in advance. I know my question below is not really related with samba but I'm really confused, and you guys are expert on windows authentication, I really hope you have patience to read this and I'll appreciate any of your help. I learned a lot from this post http://lists.samba.org/archive/jcifs/2008-October/008227.html. I know that a "man in the middle" technique,

Hello, Two questions for you this evening. How do you tell the difference between NTLMv1-style authentication and NTLMv2 style? The CIFS dialect NT LM 0.12 does both(?), so does not appear in the NegProtRequest message (nor in the flags, near as I could tell). Do you ascertain this by examining the SessionSetupAndX message? If so, what parts? Is it possible to have more than one CIFS

Hello, We have samba 3.0.23 installed. We are using free radius to take authentication requests from a nortel vpn server and using ntlm_auth trying to authenticate users against AD. This setup works fine when on the AD side ntlmv1 and ntlmv2 are enabled. (IE. Users can authenticate). However, when only ntlmv2 is enabled users are unable to authenticate. I have searched various places and while

Hi: I have Samba 3.0.2a running on Fedora Core 1. This server is set to be Domain PDC and I am looking to have clients attach to it NTLMv2 only. After looking over the man page for smb.conf, I have set the two options that I thought would accomplish: [Global] lanman auth = no ntlm auth = no On the workstation side, I have set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel

> On 10/02/17 17:16, ToddAndMargo via samba wrote: >> Hi All, >> >> Server: >>    Fedora 26 >>    samba-4.6.8-0.fc26.x86_64 >> >> Workstations (5 of them): >>    XP Pro SP3 >> >> >> I set all five of my customer XP workstations to >> >> Send NTLMv2 response only\\refuse LM and NTLM >> >> and turned off

Hello: As many of you already probably know, the neon library is the workhorse for davfs support. However, right now, the current version of libneon has very limited support for NTLM, particularly NTLMv2, both on the challenge/authentication side as well as handling NTLMv2 Session Security. There is a patch somewhere to add NTLMv2 authentication support natively but there is zero support for

Hi All, Server: Fedora 26 samba-4.6.8-0.fc26.x86_64 Workstations (5 of them): XP Pro SP3 I set all five of my customer XP workstations to Send NTLMv2 response only\\refuse LM and NTLM and turned off (smb.conf) lanman auth = yes ntlm auth = yes And had to turn it right back on as the customer's Xerox Workcentre 3550 multifunction printer scanner requires it What are

Ok, I finally could try it out, and it seems to actually work, but You need samba 4.7 on all machines, not only AD, but also server with freeradius. I didn't get a chance to test it locally, that is samba AD + freeradius on the same server. Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work (got simple "nt_status_wrong_password") but: 4.7.6 AD and 4.7.1

Hi, I'm wondering if samba supports NTLMv2, particullary NTLMv2 session security. But I can't even get NTLM-only to work :(. I'm trying to increase lmcompatibilitylevel, but I can't connect to the samba server anymore when I set it to 2 or higher ("Send NTLM authenication only"). I'm using HEAD CVS of today, and my smb.conf looks like this: [global]

On Fri, 3 Nov 2023 12:27:57 +0100 cYuSeDfZfb cYuSeDfZfb via samba <samba at lists.samba.org> wrote: > Hi, > > I have configured my (RHEL9) standalone samba server with "ntlm auth = > disabled" because we understand that ntlm should be disabled nowadays. > > However, we can no longer use smbclient (4.17) to connect to that > server, as: > > session

On Thu, 21 Sep 2017 12:40:57 -0400 lingpanda101 via samba <samba at lists.samba.org> wrote: > > > I'm not understanding the change to 'ntlm auth' parameter. It's says > default is now ntlmv2-only as a value.  So this takes the place of > 'ntlm auth = no'(ie. ntlm auth = ntlmv2-only)? Using the value of > 'yes' is OK(ie. ntlm auth = yes)? 

Hi, I'm not sure what NTLM version is used as default by authentication between Outlook and dovecot and I couldn't find it out with a packet sniffer. I think its NTLMv2 but I'm not sure so I'm asking here. I know that NTLMv1 is not secure against a man in the middle. _____________________________________________________________________ Der WEB.DE SmartSurfer hilft bis zu 70%

Folks, Our campus AD team has decided that they ... >Need to disable LM/NTLMv1 authentication support to provide greater >security and be consistent with the CITES authentication roadmap. Noble thoughts, but there hasn't been much thought of the ramifications for other, interoperable systems like Samba. I can see that modern Samba versions support NTLMv1 and NTLMv2 methods.

All, I need to force XP clients to use NTLMv2 when mapping to samba 3.6.12. My config is: ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No lanman auth = No XP systems can still map shares with the above config. If I add: max protocol = SMB2 min protocol = SMB2 W7 systems map shares, XP systems cannot map shares even if I change LAN Manager

Hello, I can definately confirm that it's working. My basic setup is: 1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7 2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight from centos repo. // I  tested also on freeradius 3.0.14 and samba 4.7.x smb.conf on the DC is pretty basic, most important is obviously in [globall]:         ntlm auth =

Hi, We support an older version SMB1 server (propietary implementation) which does not support extended security . Mapping a share from that server, using smbclient, was working before applying badlock patches (to the smbclient) , with default settings in smb.conf. However, after applying badlock patches, smbclient fails to map with default settings. When I set the option : "client ntlmv2

ok, tested it, and it works. so to summarize: on samba ad 4.7.x  in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only" fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it. with those settings ntlmv1 is blocked