Re: [Samba] "lanman auth" question
- Date: Mon, 2 Oct 2017 16:08:53 -0700
- From: ToddAndMargo via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] "lanman auth" question
On 10/02/17 17:16, ToddAndMargo via samba wrote:
Workstations (5 of them):
XP Pro SP3
I set all five of my customer XP workstations to
Send NTLMv2 response only\\refuse LM and NTLM
and turned off (smb.conf)
lanman auth = yes
ntlm auth = yes
And had to turn it right back on as the customer's
Xerox Workcentre 3550 multifunction printer scanner
What are the security ramification to Samba?
Tony Ewell, B.S.E.E.
Owner, Rent-A-Nerd Computer Services
775-265-5150, 9:00 am to 5:00 pm PST/PDT
Error from the scanner:
Destination 1 : Status....Failed
Status Details : username or password is wrong
Friendly Name : WorkCenter
Server Name : 192.168.255.12
Path : scans
Protocol : SMB
Filing Policy : CHANGENAME
Document Name : 1
On 10/02/2017 03:49 PM, Gaiseric Vandal via samba wrote:
> lanman should always be disabled. use "testparm -v" to make sure the
> settings are applied as you expect. With different samba versions, the
> defaults may change.
> I don't think you can disable ntlmv1 but leave ntlmv2 enabled. I could
> be wrong. NTLMv2 is stronger. And I think clients will
> negotiate the strongest common protocol. If you are in a small
> network where you can see what is getting added, and you are using
> ethernet switches (not ethernet hubs) to minimize packet capture, you
> should be OK. (unless you are designing the next stealth
> fighter.) Best practices would dictate NTLMv2 if possible.
> I would try disabling lanman, leaving ntlm enabled and see if the xerox
If I disable (as I did), then the scanner won't save to smb.
So, I am stuck with it.
To unsubscribe from this list go to the following URL and read the