Web lists-archives.com

Re: [Samba] "lanman auth" question




lanman should always be disabled.  use "testparm -v" to make sure the settings are applied as you expect.  With different samba versions, the defaults may change.

I don't think you can disable ntlmv1 but leave ntlmv2 enabled.  I could be wrong.          NTLMv2 is stronger.     And I think clients will negotiate the strongest common protocol.      If you are in a small network where you can see what is getting added, and you are using ethernet switches (not ethernet hubs) to minimize packet capture, you should be OK.     (unless you are designing the next stealth fighter.)     Best practices would dictate NTLMv2 if possible.


I would try disabling lanman, leaving ntlm enabled and see if the xerox works.


On 10/02/17 17:16, ToddAndMargo via samba wrote:
Hi All,

Server:
   Fedora 26
   samba-4.6.8-0.fc26.x86_64

Workstations (5 of them):
   XP Pro SP3


I set all five of my customer XP workstations to

Send NTLMv2 response only\\refuse LM and NTLM

and turned off (smb.conf)

  lanman auth = yes
  ntlm auth = yes

And had to turn it right back on as the customer's
Xerox Workcentre 3550 multifunction printer scanner
requires it

What are the security ramification to Samba?

Many thanks,
-T
Tony Ewell, B.S.E.E.
Owner, Rent-A-Nerd Computer Services
775-265-5150,  9:00 am to 5:00 pm PST/PDT


Error from the scanner:

Destination 1      : Status....Failed
Status Details     : username or password is wrong
Friendly Name      : WorkCenter
Server Name        : 192.168.255.12
Path               : scans
Protocol           : SMB
Filing Policy      : CHANGENAME
Document Name      : 1







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba