Re: [Samba] freeradius + NTLM + samba AD 4.5.x
- Date: Tue, 27 Mar 2018 13:32:46 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] freeradius + NTLM + samba AD 4.5.x
On Mon, 2018-03-26 at 13:37 +0100, Rowland Penny via samba wrote:
> Have you ever heard of 'wannacry' ? or to put it another way 'VERY
To be clear, NTLMv1 and wannacry are unrelated. (Wannacry/wannacrypt
used an SMBv1 exploit, but NTLMv1 is negotiable without SMBv1).
NTLMv1 is quite insecure, in that it was 24 hours and 100 USD of cloud
credit to crack a couple of years back.
Avoiding both is of course still a really good idea.
SMBv1 isn't so much an insecure protocol as that SMBv2 has the fortune
of being implemented more recently, after coding techniques improved
both in the Samba Team and at Microsoft (and SMBv2 has some good
security features in the more recent versions).
So, retiring SMBv1 allows us to retire a lot of code that was written
in the 1990's, which is a good thing.
I hope this clarifies things,
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
To unsubscribe from this list go to the following URL and read the