Hi, is there a way of disabling the creation of the (insecure) lm-hash in the passdb backend of a samba3-pdc? Mark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Proehl wrote:> Hi, > > is there a way of disabling the creation of the (insecure) lm-hash in > the passdb backend of a samba3-pdc?IIRC setting 'lanman auth = no' might do this. Or alternatively just enforce password length > 14 characters. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEByjGIR7qMdg1EfYRAqTIAJ0dLnioYqvsB0aTiffwb3LgNU+t2ACfeffr feipmFQwsTsHVC1iTP66fAQ=C+ZV -----END PGP SIGNATURE-----
On 3/2/06, Mark Proehl <M.Proehl@science-computing.de> wrote:> is there a way of disabling the creation of the (insecure) lm-hash in > the passdb backend of a samba3-pdc?The standard way to disable LM hashes in a Microsoft shop is to configure the clients to not save them (Local Security Policy -> Security Options -> "Network security: Do not store LAN Manager hash value on next password change"). I don't think they even offer a server-side option to do so. It does seem like a useful feature for Samba. Josh Kelley