samba - Oct 2012 - new Win7 security setting broke Samba

Good day all!
I administer two Samba servers (RHEL 4.5) which, up to recently, had been
working well.  Our security officials changed the LAN Manager group policy for
the new Win7 systems from 'Send NTLMv2 response only; Refuse LM'  to
'Send NTLMv2 response only; Refuse LM & NTLM'.   We were running
samba 3.0.33.  I have upgraded to 3.6.8-44.  I have tried a variety of different
smb.conf file options to get the new version to work with the mandated security
policy.  We only use Samba to map Linux shares onto Win7 clients.  The Win7
clients are part of a domain but the Linux servers are not.

Any help with how to setup Samba to work in this environment would be greatly
appreciated.

Thank you!
Gabrielle

On Wed, 2012-10-24 at 08:48 -0500, Snyder, Gabrielle S. (LARC-D322)[HP
ES] wrote:
> Good day all!
> I administer two Samba servers (RHEL 4.5) which, up to recently, had
> been working well.  Our security officials changed the LAN Manager
> group policy for the new Win7 systems from 'Send NTLMv2 response only;
> Refuse LM'  to 'Send NTLMv2 response only; Refuse LM &
NTLM'.   We
> were running samba 3.0.33.  I have upgraded to 3.6.8-44.  I have tried
> a variety of different smb.conf file options to get the new version to
> work with the mandated security policy.  We only use Samba to map
> Linux shares onto Win7 clients.  The Win7 clients are part of a domain
> but the Linux servers are not.
> 
> Any help with how to setup Samba to work in this environment would be
> greatly appreciated.
Can you send in your smb.conf?

Samba has, since 3.0, accepted NTLMv2 passwords, so something else is
going wrong here.  Perhaps they also set a smb signing policy, and you
didn't enable smb signing, or you are running 'security=server',
which
is incompatible with NTLMv2?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org