Thanks for the points.
On 9/11/07, Andrew Bartlett <[EMAIL PROTECTED]> wrote:
> On Mon, 2007-09-10 at 11:36 -0300, mups.cp wrote:
> > > > min protocol = LANMAN2
> > > > max protocol = NT1
> > >
> > > Why are you setting this?
> >
> > I prefer to set these values because I force the server to accept only
> > secure protocols. Windows protocols earlier than LANMAN2 could be
> > easily eavesdropped from the network. LANMAN2 and higher are stronger.
>
> Not really. Aside from a new experiment with the CIFS posix extensions,
> all carry the data in cleartext. In terms of passwords,
>
> > I remember from L0pht Crack that attacked this.
> > The default 'min protocol' could allow some kind of attack in the network.
>
> If the attacker is 'active', then they could spoof this anyway. If the
> attacker is passive, the clients negotiate the strongest security
> anyway.
>
> For a long time windows clients have refused to send cleartext
> passwords. Samba 3.2.0 will likewise refuse by default.
>
> The message I'm trying to put out is that with Samba 3.0, if you don't
> want to send a password l0phtcrack will enjoy, set either:
>
> client lanman auth = no
>
> (this will be the default in Samba 3.2)
> or if you want NTLMv2, set
>
> client ntlmv2 auth = yes
>
> It is that simple to have Samba more secure, and messing with other
> protocol options etc will just bite you later, if we have good reason to
> change the defaults.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Red Hat Inc.
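Added example, not part of the thread and not Samba's own code: a small Python audit that reads the [global] section of an smb.conf and reports which password form the client side will end up sending, applying the two settings Andrew names. The Samba 3.0 defaults (client lanman auth = yes, client ntlmv2 auth = no) are assumed from his message, and the sample configs are constructed.

```python
import configparser

# Samba 3.0 client-side defaults as stated in the thread (assumption:
# Samba 3.2 changes 'client lanman auth' to no by default).
SAMBA30_DEFAULTS = {"client lanman auth": "yes", "client ntlmv2 auth": "no"}

def smb_bool(value):
    """Normalise the boolean spellings smb.conf accepts to 'yes'/'no'."""
    v = value.strip().lower()
    if v in ("yes", "true", "1"):
        return "yes"
    if v in ("no", "false", "0"):
        return "no"
    raise ValueError("not a boolean smb.conf value: %r" % value)

def parse_global(text):
    """Return the [global] section as {lower-cased key: raw value}."""
    # smb.conf is INI-like with '=' only; indentation is decorative there,
    # so strip it before configparser can mistake lines for continuations.
    flat = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   strict=False, empty_lines_in_values=False)
    cp.read_string(flat)
    return dict(cp.items("global")) if cp.has_section("global") else {}

def audit_client_auth(text):
    """Classify the weakest password hash this client config will send."""
    g = parse_global(text)
    lanman = smb_bool(g.get("client lanman auth", SAMBA30_DEFAULTS["client lanman auth"]))
    ntlmv2 = smb_bool(g.get("client ntlmv2 auth", SAMBA30_DEFAULTS["client ntlmv2 auth"]))
    findings = []
    if ntlmv2 == "yes":
        level = "NTLMv2"          # NTLMv2 only; LM response is never sent
    elif lanman == "no":
        level = "NTLM"            # LM response suppressed, NTLMv1 still possible
    else:
        level = "LANMAN"          # 3.0 default: LM response offered to the server
        findings.append("client lanman auth defaults to yes on Samba 3.0: set it to no, "
                        "or set client ntlmv2 auth = yes")
        if "min protocol" in g or "max protocol" in g:
            findings.append("min/max protocol are set but do not stop LANMAN password hashes")
    return {"level": level, "findings": findings}

# Constructed sample configs: the poster's protocol pins versus the advised fix.
WEAK_CONF = "[global]\n   workgroup = EXAMPLE\n   min protocol = LANMAN2\n   max protocol = NT1\n"
HARDENED_CONF = "[global]\n   workgroup = EXAMPLE\n   client ntlmv2 auth = yes\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_client_auth(conf))
```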
