Thanks. I already requested it as below.

https://bugzilla.samba.org/show_bug.cgi?id=11923

-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org]
Sent: Thursday, May 19, 2016 2:54 AM
To: Kelvin Yip <kelvin at icshk.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] Completely Disable NTLM on Samba4

On Wed, May 18, 2016 at 05:15:40PM +0800, Kelvin Yip wrote:
> Dear all,
>
> May I know if there is any way to completely disable NTLM and NTLM V2
> on samba4?
>
> I need to ensure that if someone brings their own workstation back to
> the office, they cannot connect to the samba4 server using their password.
>
> On Windows, there is a Security Setting to do this (Local Policies
> -> Security Options -> Network Security: Restrict NTLM: Incoming NTLM
> Traffic)
>
> Already tried "ntlm auth = No", but it cannot achieve the purpose.

I don't think we can do that right now, but you're right it would be
really useful for us to be able to do this.

Can you log a feature request at bugzilla.samba.org so we can track this?

Cheers,

Jeremy.

On Thu, May 19, 2016 at 10:55:09AM +0800, Kelvin Yip wrote:
> Thanks. I already requested it as below.
>
> https://bugzilla.samba.org/show_bug.cgi?id=11923

Thanks Kelvin, now we have somewhere to track the patchset.

I should have good karma: my company hired an AD expert from Microsoft
for two days before my vacation :)

I asked him what their (M$) point of view is regarding fully disabling
NTLM & NTLMv2. The answer I remember is: "some services [on client
computers] rely on NTLM[v2] in certain conditions so don't disable it to
avoid strange issues".

As far as I understand, and if my memory is good enough coming back from
vacation, we should keep NTLM (v2 at least) on DCs as they manage
authentication for client computers.

Regarding file servers, I expect we can disable NTLM: their role is to
offer files only.

I've asked that MS person to confirm (or not) that. I will come back to
tell you.

2016-05-19 5:50 GMT+02:00 Jeremy Allison <jra at samba.org>:
> On Thu, May 19, 2016 at 10:55:09AM +0800, Kelvin Yip wrote:
> > Thanks. I already requested it as below.
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=11923
>
> Thanks Kelvin, now we have somewhere to track
> the patchset.