sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

docs: Improve documentation of "lanman auth" and "ntlm auth" connection

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Andrew Bartlett 2019-06-01 09:04:48 +12:00 committed by Andreas Schneider
parent 046de05521
commit dbf3e81f7f
2 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs-xml/smbdotconf/security/lanmanauth.xml
View File

@ -24,16 +24,18 @@
auth is re-enabled later on.
</para>
<para>Unlike the <command moreinfo="none">encrypt
passwords</command> option, this parameter cannot alter client
<para>Unlike the <parameter moreinfo="none">encrypt
passwords</parameter> option, this parameter cannot alter client
behaviour, and the LANMAN response will still be sent over the
network. See the <command moreinfo="none">client lanman
auth</command> to disable this for Samba's clients (such as smbclient)</para>
<para>If this option, and <command moreinfo="none">ntlm
auth</command> are both disabled, then only NTLMv2 logins will be
permited. Not all clients support NTLMv2, and most will require
special configuration to use it.</para>
<para>This parameter is overriden by <parameter moreinfo="none">ntlm
auth</parameter>, so unless that it is also set to
<constant>ntlmv1-permitted</constant> or <constant>yes</constant>,
then only NTLMv2 logins will be permited and no LM hash will be
stored. All modern clients support NTLMv2, and but some older
clients require special configuration to use it.</para>
</description>
<value type="default">no</value>

9
docs-xml/smbdotconf/security/ntlmauth.xml
View File

@ -19,11 +19,9 @@
control NTLM authentiation for domain users, this must option must
be configured on each DC.</para>
<para>By default with <command moreinfo="none">lanman
auth</command> set to <constant>no</constant> and
<command moreinfo="none">ntlm auth</command> set to
<para>By default with <command moreinfo="none">ntlm auth</command> set to
<constant>ntlmv2-only</constant> only NTLMv2 logins will be
permited. Most clients support NTLMv2 by default, but some older
permited. All modern clients support NTLMv2 by default, but some older
clients will require special configuration to use it.</para>
<para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para>
@ -35,6 +33,9 @@
<para><constant>ntlmv1-permitted</constant>
(alias <constant>yes</constant>) - Allow NTLMv1 and above for all clients.</para>
<para>This is the required setting for to enable the <parameter
moreinfo="none">lanman auth</parameter> parameter.</para>
</listitem>
<listitem>