On Wed, 2007-03-07 at 03:57 -0800, jamurph wrote:
> I'm running Centos 4.3 and Samba 3.0.24. I have an OpenLDAP backend. I have
> successfully got a Windows Domain to work, Windows XP -> Samba -> OpenLDAP.
> I can add machines to the domain and I can login and change passwords. The
> trouble is that I'm using NTLM and have been told that I must upgrade to
> NTLMv2, but I'm having great difficulty doing so.
>
> I have existing NTLM users. I want to disable the use of NTLM, so I ran
> secpol.msc and changed the LAN Manager Authentication Level to:
>
> "Send NTLMv2 response only \ refuse LM and NTLM passwords"
>
> I change smb.conf to include:
> ntlm auth = no
> client ntlmv2 auth = yes
> client lanman auth = no
> lanman auth = no
> min protocol = NT1
>
> I restarted the PC and Samba
>
> However, I can still login users which have NTLM hash passwords, is this
> right? I don't think so. Does samba cache machine settings anywhere? I know
> Samba works, I'm missing some configuration, I just don't know what it is
>
> When I run smbpasswd, it seems to create NTLM hashed passwords? Should it
> only create NTLMv2 passwords if I set client ntlmv2 auth = yes?
>
> I created new users and I have stored an NTLMv2 hashed password in
> sambaNTPassword, I'm assuming NTLMv2 passwords need to be stored in this
> attribute as I don't see an alternative?

The server stores the same password hash for NTLMv2 as NTLM. The
difference is how the challenge-response is calculated.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
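
The point made in the reply, as an added example that is not part of the original thread and is not Samba's code: the NTLMv2 response is derived from the same 16-byte NT hash that sits in sambaNTPassword, following the NTLMv2 computation in MS-NLMP. The function names, the sample hash, user, domain and client blob are all constructed for illustration, and the blob is treated as opaque bytes.

```python
import hashlib
import hmac


def ntowfv2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed with the stored NT hash over
    UTF-16LE(uppercase(user) + domain). No separate 'NTLMv2 hash' is stored."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def ntlmv2_response(nt_hash: bytes, user: str, domain: str,
                    server_challenge: bytes, client_blob: bytes) -> bytes:
    """Client side: proof = HMAC-MD5(key, server_challenge + blob);
    the response sent on the wire is proof followed by the blob."""
    key = ntowfv2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()
    return proof + client_blob


def server_verify(stored_nt_hash: bytes, user: str, domain: str,
                  server_challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the proof from the stored NT hash and the
    blob the client sent, then compare in constant time."""
    proof, blob = response[:16], response[16:]
    expected = ntlmv2_response(stored_nt_hash, user, domain,
                               server_challenge, blob)[:16]
    return hmac.compare_digest(proof, expected)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    stored = bytes.fromhex("00112233445566778899aabbccddeeff")  # sambaNTPassword
    challenge = bytes(range(8))          # 8-byte server challenge
    blob = b"\x01\x01" + bytes(26)       # stand-in for timestamp/nonce/target info
    resp = ntlmv2_response(stored, "alice", "EXAMPLE", challenge, blob)
    print("accepted with existing NT hash:",
          server_verify(stored, "alice", "EXAMPLE", challenge, resp))
    print("accepted with a different hash:",
          server_verify(bytes(16), "alice", "EXAMPLE", challenge, resp))
```

Because the key is derived at authentication time, users whose existing sambaNTPassword was written before the policy change can answer an NTLMv2 challenge without having their password reset.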
