Web lists-archives.com

Re: [Samba] samba 4.5.10 and old clients with NTLMv1




In an AD environment, it's better to push out a GPO to force WindowsXP to
use NTLMv2. I believe it's under "Security Settings" -> "Local Security
Policy" -> "Security Options" -> "Network security: LAN Manager
authentication level". Change the value to "Send NTLMv2 response
only\refuse LM and NTLM"

If there's no AD involved, you can manually change the associated Windows
registry entry "LmCompatibilityLevel" to "3". I believe it is under "
HKLM\SYSTEM\CurrentControlSet\Control\Lsa"

On Thu, Jul 27, 2017 at 4:18 AM, Stefan G. Weichinger via samba <
samba@xxxxxxxxxxxxxxx> wrote:

>
> At a customer they still have some old VMs around that run Windows XP.
>
> Yes, I already provided them with newer VMs ... but the users still
> need/want the old machines as well.
>
> Now the batch file with the "net use" statements fail, as far as I have
> researched because of the weak and outdated NTLMv1:
>
> [2017/07/27 11:11:08.538343,  2]
> ../libcli/auth/ntlm_check.c:424(ntlm_password_check)
>   ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user vmuser1
>
> I assume I can enable that via the parameter "ntlm auth = yes"?
> Currently it is "no", sure.
>
> It's a global parameter, according to the man page, is there a way to
> only enable NTLMv1 for this specific share?
>
> thanks, regards, Stefan
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba