On Fri, 2005-06-24 at 15:02 -0400, Maurice Volaski wrote: > >Maurice Volaski wrote: > > > >> Apparently it was possible from Windows 2000 and XP clients > >> to ignore the case of a mixed-case password and successfully > > > logon users in samba-2.2.8a. Samba 3.0.14a-r1, however, is > >> case-sensitive. (Passwords are stored in the smbpasswd file > >> and encrypt passwords = Yes.) > > > >lanman passwords are case insensitive. NTLM passwords are > >case sensitive. > > > > Yes, but they appear to have been irrelevant under samba-2.2.8a > because W2K and XP seem to send the passwords in both forms. > > In addition, samba 3.0.14a-r1 has an option ntlm auth, which when > set to "no" is supposed to be disable NTLM password authentication, > but samba appears to ignore this option and always requires NTLM > passwords if the client offers them. I filed this as bug 2821.
Turing this option off should restrict Samba to Kerberos and NLTMv2 logins. There is no way to force Samba to ignore a supplied NT response in favour of the less secure LM response. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
