sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code
b8b874ef5e
samba-mirror/docs-xml/smbdotconf/security/lanmanauth.xml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

56 lines
2.5 KiB
XML
Raw Normal View History

Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
<samba:parameter name="lanman auth"
context="G"
docs:smbdotconf: make formatting of headers uniform. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-01 00:32:45 +03:00
type="boolean"
param: Disable LanMan authentication unless NTLMv1 is also enabled Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
2017-07-03 05:11:47 +03:00
function="_lanman_auth"
docs: Deprecate "lanman auth = yes" This feature is only available for SMB1 and we need to warn users that this is going away soon, and allow the removal in a future release under our rules for parameter deprecation. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 5 04:04:18 UTC 2019 on sn-devel-184
2019-09-05 02:23:22 +03:00
deprecated="1"
Update DTD location (This used to be commit 889dfcc532bd3357314313fe8f70a022a174eef4)
2005-03-13 01:41:20 +03:00
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
<description>
docs: Deprecate "lanman auth = yes" This feature is only available for SMB1 and we need to warn users that this is going away soon, and allow the removal in a future release under our rules for parameter deprecation. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 5 04:04:18 UTC 2019 on sn-devel-184
2019-09-05 02:23:22 +03:00
<para>This parameter has been deprecated since Samba 4.11 and
support for LanMan (as distinct from NTLM, NTLMv2 or
Kerberos authentication)
will be removed in a future Samba release.</para>
<para>That is, in the future, the current default of
<command>lanman auth = no</command>
will be the enforced behaviour.</para>
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
<para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle>
Clarify that turning off lanman authentiation applies to password changes as well. Andrew Bartlett (This used to be commit 09c4ae5d0b97f94a514fc587412fca2f8d0246a3)
2004-12-23 05:18:53 +03:00
<manvolnum>8</manvolnum></citerefentry> will attempt to
authenticate users or permit password changes
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
using the LANMAN password hash. If disabled, only clients which support NT
Clarify that turning off lanman authentiation applies to password changes as well. Andrew Bartlett (This used to be commit 09c4ae5d0b97f94a514fc587412fca2f8d0246a3)
2004-12-23 05:18:53 +03:00
password hashes (e.g. Windows NT/2000 clients, smbclient, but not
Windows 95/98 or the MS DOS network client) will be able to
connect to the Samba host.</para>
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
s3/docs: Fix several typos. This fixes bug #6127. Thanks to Justin T Pryzby <justinpryzby [at] users.sourceforge.net> for the review! Karolin
2009-02-20 11:20:16 +03:00
<para>The LANMAN encrypted response is easily broken, due to its
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
case-insensitive nature, and the choice of algorithm. Servers
Clarify that turning off lanman authentiation applies to password changes as well. Andrew Bartlett (This used to be commit 09c4ae5d0b97f94a514fc587412fca2f8d0246a3)
2004-12-23 05:18:53 +03:00
without Windows 95/98/ME or MS DOS clients are advised to disable
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
this option. </para>
s3:doc: add some detail about lanman auth parameter add interesting detail: lm passwords will be removed from databaѕe with lanman auth = no
2009-10-02 19:55:50 +04:00
<para>When this parameter is set to <value>no</value> this
will also result in sambaLMPassword in Samba's passdb being
blanked after the next password change. As a result of that
lanman clients won't be able to authenticate, even if lanman
Fix various spelling errors Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
2015-07-27 00:02:57 +03:00
auth is re-enabled later on.
s3:doc: add some detail about lanman auth parameter add interesting detail: lm passwords will be removed from databaѕe with lanman auth = no
2009-10-02 19:55:50 +04:00
</para>
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
docs: Improve documentation of "lanman auth" and "ntlm auth" connection BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-01 00:04:48 +03:00
<para>Unlike the <parameter moreinfo="none">encrypt
passwords</parameter> option, this parameter cannot alter client
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
behaviour, and the LANMAN response will still be sent over the
network. See the <command moreinfo="none">client lanman
auth</command> to disable this for Samba's clients (such as smbclient)</para>
Spelling fixes s/overriden/overridden/ Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-29 22:54:14 +03:00
<para>This parameter is overridden by <parameter moreinfo="none">ntlm
docs: Improve documentation of "lanman auth" and "ntlm auth" connection BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-01 00:04:48 +03:00
auth</parameter>, so unless that it is also set to
<constant>ntlmv1-permitted</constant> or <constant>yes</constant>,
Spelling fixes s/permited/permitted/ Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-29 23:42:36 +03:00
then only NTLMv2 logins will be permitted and no LM hash will be
docs: Improve documentation of "lanman auth" and "ntlm auth" connection BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-01 00:04:48 +03:00
stored. All modern clients support NTLMv2, and but some older
clients require special configuration to use it.</para>
s4-auth: Remove last traces of LanMan authentiation support in the AD DC. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184
2022-03-25 02:18:01 +03:00
<para><emphasis>This parameter has no impact on the Samba AD DC,
LM authentication is always disabled and no LM password is ever
stored.</emphasis></para>
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
</description>
Update docs to match the new defaults in Samba 3.2.0 and later. Andrew Bartlett (This used to be commit ac0589c95625e754a6eca6e7da483b9b78afb35a)
2007-09-10 06:51:19 +04:00
<value type="default">no</value>
Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
2004-04-07 14:15:11 +04:00
</samba:parameter>
Copy Permalink