
[Samba] Completely Disable NTLM on Samba4


Kelvin Yip

May 18, 2016, 5:30:03 AM
Dear all,



May I know if there is any way to completely disable NTLM and NTLM V2 on
samba4 ?

I need to ensure that if someone brings their own workstation back to the
office, they cannot connect to the samba4 server using their password.

On Windows, there is a security setting to do this (Local Policies ->
Security Options -> Network Security: Restrict NTLM: Incoming NTLM Traffic).

Already tried "ntlm auth = No", but it cannot achieve the purpose.

Thanks.



Best,

Kelvin Yip


Jeremy Allison

May 18, 2016, 3:00:03 PM
On Wed, May 18, 2016 at 05:15:40PM +0800, Kelvin Yip wrote:
> Dear all,
>
>
>
> May I know if there is any way to completely disable NTLM and NTLM V2 on
> samba4 ?
>
> I need to ensure if someone bring their own workstations back to office and
> they cannot connect to samba4 server using their password.
>
> On Windows, there are a Security Settings to do this (Local Policies ->
> Security Options -> Network Security: Restrict NTLM: Incoming NTLM Traffic)
>
> Already tried "ntlm auth = No", but it cannot achieve the purpose.

I don't think we can do that right now, but you're right it
would be really useful for us to be able to do this.

Can you log a feature request at bugzilla.samba.org so
we can track this ?

Cheers,

Jeremy.

Kelvin Yip

May 18, 2016, 11:00:02 PM

Thanks. I have already filed the request, as below.

https://bugzilla.samba.org/show_bug.cgi?id=11923

Jeremy Allison

May 19, 2016, 12:00:03 AM
On Thu, May 19, 2016 at 10:55:09AM +0800, Kelvin Yip wrote:
> Thanks. I already request as below.
>
> https://bugzilla.samba.org/show_bug.cgi?id=11923

Thanks Kelvin, now we have somewhere to track
the patchset.

mathias dufresne

May 23, 2016, 9:10:04 AM
I should have a good karma: my company hired an AD expert from Microsoft
for two days before my vacation : )

I asked him what their (M$) point of view is regarding fully disabling NTLM
& NTLMv2. The answer I remember is: "some services [on client computers] rely
on NTLM[v2] in certain conditions so don't disable it to avoid strange
issues".
As far as I understand, and if my memory is good enough coming back from
vacation, we should keep NTLM (v2 at least) on DC as they manage
authentication for client computers.
Regarding file servers I expect we can disable NTLM: their role is to offer
files only.

I've asked that MS person to confirm (or not) that. I will come back to tell you.