On Tue, 2010-02-09 at 10:47 +1000, Jake Carroll wrote: > Hi list. > > I've been running up against a bunch of ntlm v2 related issues recently with > Windows 7 and Mac OS X 10.6 client systems attempting to connect to my > Solaris 10 samba 3.0.37 server. > > As it turns out, Sun engineering suggest that because I use "security = > SERVER" rather than "security = DOMAIN", ntlmv2 auth will never actually > work, even if I have settings such as: > > client lanman auth = no > ntlm auth = no > client ntlmv2 auth = yes > > So - I guess the question is, is it possible to use ntlmv2 with security = > server, or does that fundamentally not make sense? The suggestions > engineering have given me suggest it's just not possible and it needs to be > running in domain mode to work. Any work arounds/techniques to get around > such an issue?
You should never use 'security=server' if there is any other possible way to authenticate your users. It is a disgusting man in the middle attack, that therefore makes important security features go away, including NTLMv2. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc.
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
