sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00
Code Activity

docs-xml:smbdotconf: default "ntlm auth" to "no"

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher
2016-03-15 21:59:42 +01:00
parent 70827ca78c
commit cd8dfed1a6
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs-xml/smbdotconf/security/ntlmauth.xml
View File

@ -12,8 +12,14 @@
<para>If this option, and <command moreinfo="none">lanman
auth</command> are both disabled, then only NTLMv2 logins will be
permited. Not all clients support NTLMv2, and most will require
special configuration to use it.</para>
special configuration to use it.</para>
<para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para>
<para>The default changed from "yes" to "no" with Samba 4.5.</para>
</description>
<value type="default">yes</value>
<related>lanman auth</related>
<related>raw NTLMv2 auth</related>
<value type="default">no</value>
</samba:parameter>

2
lib/param/loadparm.c
View File

@ -2630,7 +2630,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "True");
lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");

2
source3/param/loadparm.c
View File

@ -690,7 +690,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
Globals.lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
Globals.ntlm_auth = true; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
Globals.ntlm_auth = false; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
/* Note, that we will also use NTLM2 session security (which is different), if it is available */