Web lists-archives.com

Re: [Samba] "lanman auth" question

How old is the scanner ?   Did you check for a firmware update for it?    NTLM has been around for so long that it is hard to imagine anything that has to have LANMAN support.

On 10/02/17 19:08, ToddAndMargo via samba wrote:
On 10/02/17 17:16, ToddAndMargo via samba wrote:
Hi All,

   Fedora 26

Workstations (5 of them):
   XP Pro SP3

I set all five of my customer XP workstations to

Send NTLMv2 response only\\refuse LM and NTLM

and turned off (smb.conf)

  lanman auth = yes
  ntlm auth = yes

And had to turn it right back on as the customer's
Xerox Workcentre 3550 multifunction printer scanner
requires it

What are the security ramification to Samba?

Many thanks,
Tony Ewell, B.S.E.E.
Owner, Rent-A-Nerd Computer Services
775-265-5150,  9:00 am to 5:00 pm PST/PDT

Error from the scanner:

Destination 1      : Status....Failed
Status Details     : username or password is wrong
Friendly Name      : WorkCenter
Server Name        :
Path               : scans
Protocol           : SMB
Filing Policy      : CHANGENAME
Document Name      : 1

On 10/02/2017 03:49 PM, Gaiseric Vandal via samba wrote:
> lanman should always be disabled.  use "testparm -v" to make sure the
> settings are applied as you expect.  With different samba versions, the
> defaults may change.
> I don't think you can disable ntlmv1 but leave ntlmv2 enabled.  I could
> be wrong.          NTLMv2 is stronger.     And I think clients will
> negotiate the strongest common protocol.      If you are in a small
> network where you can see what is getting added, and you are using
> ethernet switches (not ethernet hubs) to minimize packet capture, you
> should be OK.     (unless you are designing the next stealth
> fighter.)     Best practices would dictate NTLMv2 if possible.
> I would try disabling lanman, leaving ntlm enabled and see if the xerox
> works.

If I disable (as I did), then the scanner won't save to smb.
So, I am stuck with it.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba