The Samba-Bugzilla – Attachment 13417 Details for
Bug 12929
ntlm auth smb.conf entry is not clear about domain auth
[patch]
patch for master
0001-smb.conf-Explain-that-ntlm-auth-is-a-per-passdb-sett.patch (text/plain), 2.22 KB, created by
Andrew Bartlett
on 2017-07-24 02:10:22 UTC
>From b05332d2feb9ade2efc9e669a407df236d572486 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 24 Jul 2017 14:09:19 +1200 >Subject: [PATCH] smb.conf: Explain that "ntlm auth" is a per-passdb setting > >This parameter has always applied to this passdb only, not to domain >authentication. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12929 >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > docs-xml/smbdotconf/security/ntlmauth.xml | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > >diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml >index f0969bf9ed2..dceae44d81b 100644 >--- a/docs-xml/smbdotconf/security/ntlmauth.xml >+++ b/docs-xml/smbdotconf/security/ntlmauth.xml >@@ -6,8 +6,18 @@ > <description> > <para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> > <manvolnum>8</manvolnum></citerefentry> will attempt to >- authenticate users using the NTLM encrypted password response. >- If disabled, NTLM and LanMan authencication is disabled server-wide.</para> >+ authenticate users using the NTLM encrypted password response for >+ this local passdb (SAM or account database). </para> >+ >+ <para>If disabled, both NTLM and LanMan authencication against the >+ local passdb is disabled.</para> >+ >+ <para>Note that these settings apply only to local users, >+ authentication will still be forwarded to and NTLM authentication >+ accepted against any domain we are joined to, and any trusted >+ domain, even if disabled or if NTLMv2-only is enforced here. To >+ control NTLM authentiation for domain users, this must option must >+ be configured on each DC.</para> > > <para>By default with <command moreinfo="none">lanman > auth</command> set to <constant>no</constant> and 
>@@ -41,8 +51,8 @@ > </listitem> > > <listitem> >- <para><constant>disabled</constant> - Do not allow NTLM (or >- LanMan) authentication of any level as a server, nor permit >+ <para><constant>disabled</constant> - Do not accept NTLM (or >+ LanMan) authentication of any level, nor permit > NTLM password changes.</para> > </listitem> > >-- >2.11.0 >
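Review bot: In the first hunk (@@ -6,8 +6,18 @@), the added "Note that these settings apply only to local users" paragraph carries the security-relevant point of the whole patch but has wording errors that will ship in the man page: "this must option must be configured on each DC" has a duplicated "must", and "authentiation" is misspelled. The paragraph above it keeps the old "authencication" typo and should read "authentication against the local passdb is disabled". The first sentence of the note is also a comma splice; splitting it after "local users" ("... apply only to local users. Authentication will still be forwarded to, and NTLM authentication accepted against, any domain we are joined to ...") would make it clear that a member server with this option disabled still accepts NTLM for domain and trusted-domain accounts. There is also a stray space before the closing </para> after "(SAM or account database).".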
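Review bot: In the second hunk (@@ -41,8 +51,8 @@), the reworded "disabled" item now says "Do not accept NTLM (or LanMan) authentication of any level", which reads as an absolute statement and contradicts the note added in the first hunk that NTLM is still accepted against joined and trusted domains. Dropping "as a server" removes the only qualifier the item had. Suggest scoping it the same way as the description, for example "Do not accept NTLM (or LanMan) authentication of any level against the local passdb, nor permit NTLM password changes", so an administrator reading only the value list does not assume NTLM is off for domain users.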