RE: [Samba] NTLMv2 in Samba 3.0

2004-02-11 Thread Chu, Dan
I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test
3.0.1). It still doesn't seem to work. Has anyone successfully made
NTLMv2 work? If so, can I have a working sample of the smb.conf file? 

I have included below entries in my smb.conf (among other entries):
security = server
password server = NTDomainController
client ntlmv2 auth = yes

On both NTDomainController and W2k client, I have LmCompatibilityLevel
set to 3 or 5 from the Registry Editor for LSA. On NTDomainController,
it also has both NtlmMinClientSec and NtlmMinServerSec set to 0x0008
(to permit only NTLMv2 session security). I just cannot map a drive from
W2k client to the Samba server running Solaris 8.

Thanks a lot in advance.
Dan 

-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 25, 2003 11:29 PM
To: Chu, Dan [IT]
Cc: '[EMAIL PROTECTED]'
Subject: Re: [Samba] NTLMv2 in Samba 3.0


On Fri, 2003-10-24 at 06:53, Chu, Dan [IT] wrote:
> Hello,
> Has anyone successfully configured Samba 3.0 to authenticate using NTLMv2
> only? I have below entry in smb.conf:
> password server = domain controller
>
> to use domain controller for user authentication and DC is configured with
> Level 5 - DC refuses LM and NTLM authentication (accepts only NTLMv2). So
> far I got: System error 1326 has occurred.
> Logon failure: unknown user name or bad password. errors.
>
> I am not sure what option(s) to use in the smb.conf file to make it work. My
> understanding is that Samba 3.0 defaults to NTLMv2 if password server is
> configured to accept NTLMv2.

As a server, Samba 3.0 implements NTLMv2 by default.  Samba also passes
on NTLMv2 authentication attempts to the DC without modification, so it
can validate them.  

As a client, you need to specify 'client ntlmv2 auth = yes' to force
Samba to use NTLMv2, as it is incompatible with older servers.

It is not possible to 'modify' an NTLM authentication request into
NTLMv2, so if your clients are not configured correctly, they will not
correctly talk to an NTLMv2 enforcing server/domain.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] NTLMv2 in Samba 3.0

2004-02-11 Thread Chu, Dan
Andrew,
Thank you for your reply. I'm not sure what is not required. Do you mean
client ntlmv2 auth = yes ? Anyway, I've changed it to security = domain
in smb.conf (all other entries remain intact). I was able to join the samba
server to the NT domain using the net join utility. Then restarted the
samba daemons. When trying to map a drive from a W2k client, I got below
error:
Configuration information could not be read from the domain controller,
either because the machine is unavailable, or access has been denied. 

What did I miss here? 

Thanks,
Dan 

-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 4:35 PM
To: Chu, Dan
Cc: Andrew Bartlett; [EMAIL PROTECTED]
Subject: RE: [Samba] NTLMv2 in Samba 3.0


On Thu, 2004-02-12 at 08:27, Chu, Dan wrote:
> I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test
> 3.0.1). It still doesn't seem to work. Has anyone successfully made
> NTLMv2 work? If so, can I have a working sample of the smb.conf file?
>
> I have included below entries in my smb.conf (among other entries):
> security = server
> password server = NTDomainController

> client ntlmv2 auth = yes

This is not required for pass-through NTLMv2 authentication.

> On both NTDomainController and W2k client, I have LmCompatibilityLevel
> set to 3 or 5 from the Registry Editor for LSA. On NTDomainController,
> it also has both NtlmMinClientSec and NtlmMinServerSec set to 0x0008
> (to permit only NTLMv2 session security). I just cannot map a drive from
> W2k client to the Samba server running Solaris 8.

Use 'security=domain'.  NTLM2 session security is not compatible with
'security=server'.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
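
Added example, not part of the thread and not Samba code: a small Python check for the smb.conf combination discussed in the reply above. It assumes a member server in a domain whose DC accepts only NTLMv2; the function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample: the [global] entries quoted in the thread.
SAMPLE = """\
[global]
   ; entries quoted in the thread
   security = server
   password server = NTDomainController
   Client NTLMv2 Auth = yes
"""

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalised name: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def check_ntlmv2_only(text):
    """Findings for the assumed case: member server, DC accepts only NTLMv2."""
    p, findings = parse_global(text), []
    security = p.get("security", "").lower()
    if security == "server":
        findings.append("security = server: not compatible with NTLM2 session "
                        "security; use security = domain and join the domain")
    if security in ("server", "domain") and "clientntlmv2auth" in p:
        findings.append("client ntlmv2 auth: client-side setting, not required "
                        "for pass-through NTLMv2 authentication")
    return findings

if __name__ == "__main__":
    for finding in check_ntlmv2_only(SAMPLE):
        print("WARN", finding)
```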


Re: [Samba] NTLMv2 in Samba 3.0

2003-10-25 Thread Andrew Bartlett
On Fri, 2003-10-24 at 06:53, Chu, Dan [IT] wrote:
> Hello,
> Has anyone successfully configured Samba 3.0 to authenticate using NTLMv2
> only? I have below entry in smb.conf:
> password server = domain controller
>
> to use domain controller for user authentication and DC is configured with
> Level 5 - DC refuses LM and NTLM authentication (accepts only NTLMv2). So
> far I got: System error 1326 has occurred.
> Logon failure: unknown user name or bad password. errors.
>
> I am not sure what option(s) to use in the smb.conf file to make it work. My
> understanding is that Samba 3.0 defaults to NTLMv2 if password server is
> configured to accept NTLMv2.

As a server, Samba 3.0 implements NTLMv2 by default.  Samba also passes
on NTLMv2 authentication attempts to the DC without modification, so it
can validate them.  

As a client, you need to specify 'client ntlmv2 auth = yes' to force
Samba to use NTLMv2, as it is incompatible with older servers.

It is not possible to 'modify' an NTLM authentication request into
NTLMv2, so if your clients are not configured correctly, they will not
correctly talk to an NTLMv2 enforcing server/domain.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

