2004-04-07 14:15:11 +04:00
<samba:parameter name= "lanman auth"
context="G"
type="boolean"
advanced="1" developer="1"
2005-03-13 01:41:20 +03:00
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
2004-04-07 14:15:11 +04:00
<description >
<para > This parameter determines whether or not <citerefentry > <refentrytitle > smbd</refentrytitle>
2004-12-23 05:18:53 +03:00
<manvolnum > 8</manvolnum> </citerefentry> will attempt to
authenticate users or permit password changes
2004-04-07 14:15:11 +04:00
using the LANMAN password hash. If disabled, only clients which support NT
2004-12-23 05:18:53 +03:00
password hashes (e.g. Windows NT/2000 clients, smbclient, but not
Windows 95/98 or the MS DOS network client) will be able to
connect to the Samba host.</para>
2004-04-07 14:15:11 +04:00
<para > The LANMAN encrypted response is easily broken, due to it's
case-insensitive nature, and the choice of algorithm. Servers
2004-12-23 05:18:53 +03:00
without Windows 95/98/ME or MS DOS clients are advised to disable
2004-04-07 14:15:11 +04:00
this option. </para>
<para > Unlike the <command moreinfo= "none" > encypt
passwords</command> option, this parameter cannot alter client
behaviour, and the LANMAN response will still be sent over the
network. See the <command moreinfo= "none" > client lanman
auth</command> to disable this for Samba's clients (such as smbclient)</para>
<para > If this option, and <command moreinfo= "none" > ntlm
auth</command> are both disabled, then only NTLMv2 logins will be
permited. Not all clients support NTLMv2, and most will require
2004-12-23 05:18:53 +03:00
special configuration to use it.</para>
2004-04-07 14:15:11 +04:00
</description>
<value type= "default" > yes</value>
</samba:parameter>
