Our Windows network has been set to only use NTLMv2 for security. I
made the following changes to my smb.conf and we have been working fine:
client schannel = Auto
server schannel = Auto
lanman auth = No
ntlm auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
From: Kai Blin [mailto:kai.blin@xxxxxxxxx]
Sent: Monday, February 05, 2007 7:16 AM
Subject: Re: Vista(by default NTLMv2) - Samba Security =
domain,connection from vista failed
On Monday 05 February 2007 12:18, gomathi palanimuthu wrote:
> I've been testing out Windows Vista Enterprise today. It defaults to
> using NTLMV2 authentication.
> *client NTLMv2 auth = yes*
> *client lanman auth = no*
> *ntlm auth = no*
> *lanman auth = no* (Read from lists.org that if we set ntlm auth as
> lanman auth to 'no', samba will default to NTLMv2 security support).
> But, still connection is not working from Vista.
Are you sure the "ntlm auth = no" is correct? I'm not running a windows
myself, so I can't check but in any case samba should correctly
NTLMv2 if the other side requests this. Speaking as someone who has
clue about running samba and quite some idea how the samba ntlm code
I'm sure samba tries to do NTLMv2 authentication initially.
> Is there any configuration parameters missed out for this particular
> of security??
Unless someone can offer additional config parameters I have no idea
guess we would be interested in a network capture of a non-working and a
working authentication attempt.
Of course I'm not a samba dev, so those more familiar with all this
a way better solution.
Kai Blin, <kai Dot blin At gmail Dot com>
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin/
Will code for cotton.
Privileged and Confidential. This e-mail, and any attachments there to, is
intended only for use by the addressee(s) named herein and may contain
privileged or confidential information. If you have received this e-mail in
error, please notify me immediately by a return e-mail and delete this e-mail.
You are hereby notified that any dissemination, distribution or copying of this
e-mail and/or any attachments thereto, is strictly prohibited.