samba - Jan 2022 - Remove LanMan auth from the AD DC and possibly file server?

On 1/26/22 04:50, Andrew Bartlett via samba wrote:
> What do folks think?
Has this something to do with "server min protocol = NT1"?
If the answer is yes...



Normally I would say, go ahead!

However, I have more than one customer with some MFP printers that will 
drop scanned documents onto an SMB share and refuse to work with recent 
security standards.
As much as I'd like to see these legacy wagons go away, that's not going
to happen any time soon.

Normally I'd just drop SMB completely and configure SMTP instead, but 
this isn't always possible or desired by the customer.



If answer is no, please ignore the noise.

  bye & Thanks
	av.

On Wed, 2022-01-26 at 13:35 +0100, Andrea Venturoli via samba
wrote:
> On 1/26/22 04:50, Andrew Bartlett via samba wrote:
> 
> > What do folks think?
> 
> Has this something to do with "server min protocol = NT1"?
> If the answer is yes...
> 
> 
> 
> Normally I would say, go ahead!
> 
> However, I have more than one customer with some MFP printers that
> will 
> drop scanned documents onto an SMB share and refuse to work with
> recent 
> security standards.
> As much as I'd like to see these legacy wagons go away, that's not
> going 
> to happen any time soon.
> 
> Normally I'd just drop SMB completely and configure SMTP instead,
> but 
> this isn't always possible or desired by the customer.
> 
> 
> 
> If answer is no, please ignore the noise.
No, server min protocol = NT1 will still work, provided the device
supports NTLM authentication or better, just not the old LanMan used by
the likes of Win9X, Win3.11, DOS and OS/2.  

This has been disabled by default for a very long time.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions