Dear all, May I know if there is any way to completely disable NTLM and NTLM V2 on samba4 ? I need to ensure if someone bring their own workstations back to office and they cannot connect to samba4 server using their password. On Windows, there are a Security Settings to do this (Local Policies -> Security Options -> Network Security: Restrict NTLM: Incoming NTLM Traffic) Already tried "ntlm auth = No", but it cannot achieve the purpose. Thanks. Best, Kelvin Yip
On Wed, May 18, 2016 at 05:15:40PM +0800, Kelvin Yip wrote:> Dear all, > > > > May I know if there is any way to completely disable NTLM and NTLM V2 on > samba4 ? > > I need to ensure if someone bring their own workstations back to office and > they cannot connect to samba4 server using their password. > > On Windows, there are a Security Settings to do this (Local Policies -> > Security Options -> Network Security: Restrict NTLM: Incoming NTLM Traffic) > > Already tried "ntlm auth = No", but it cannot achieve the purpose.I don't think we can do that right now, but you're right it would be really useful for us to be able to do this. Can you log a feature request at bugzilla.samba.org so we can track this ? Cheers, Jeremy.
Thanks. I already request as below. https://bugzilla.samba.org/show_bug.cgi?id=11923 -----Original Message----- From: Jeremy Allison [mailto:jra at samba.org] Sent: Thursday, May 19, 2016 2:54 AM To: Kelvin Yip <kelvin at icshk.com> Cc: samba at lists.samba.org Subject: Re: [Samba] Completely Disable NTLM on Samba4 On Wed, May 18, 2016 at 05:15:40PM +0800, Kelvin Yip wrote:> Dear all, > > > > May I know if there is any way to completely disable NTLM and NTLM V2 > on > samba4 ? > > I need to ensure if someone bring their own workstations back to > office and they cannot connect to samba4 server using their password. > > On Windows, there are a Security Settings to do this (Local Policies > -> Security Options -> Network Security: Restrict NTLM: Incoming NTLM > Traffic) > > Already tried "ntlm auth = No", but it cannot achieve the purpose.I don't think we can do that right now, but you're right it would be really useful for us to be able to do this. Can you log a feature request at bugzilla.samba.org so we can track this ? Cheers, Jeremy.