The Samba-Bugzilla – Attachment 15240 Details for
Bug 13981
lanman auth and ntlm auth connection is poorly documented
[patch] patch for 4.9 and 4.10 cherry-picked from master
0001-docs-Improve-documentation-of-lanman-auth-and-ntlm-a.patch (text/plain), 3.36 KB, created by Andrew Bartlett on 2019-06-11 10:30:28 UTC
>From 07fdf8d7560e728596c9376966474b88a00e19fc Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Sat, 1 Jun 2019 09:04:48 +1200 >Subject: [PATCH] docs: Improve documentation of "lanman auth" and "ntlm auth" > connection > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit dbf3e81f7f0b28c69dca004b32ea3a7344b0cad3) >--- > docs-xml/smbdotconf/security/lanmanauth.xml | 14 ++++++++------ > docs-xml/smbdotconf/security/ntlmauth.xml | 9 +++++---- > 2 files changed, 13 insertions(+), 10 deletions(-) > >diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml >index a9e4f88b89f..97f2fb04dcb 100644 >--- a/docs-xml/smbdotconf/security/lanmanauth.xml >+++ b/docs-xml/smbdotconf/security/lanmanauth.xml 
>@@ -24,16 +24,18 @@ > auth is re-enabled later on. > </para> > >- <para>Unlike the <command moreinfo="none">encrypt >- passwords</command> option, this parameter cannot alter client >+ <para>Unlike the <parameter moreinfo="none">encrypt >+ passwords</parameter> option, this parameter cannot alter client > behaviour, and the LANMAN response will still be sent over the > network. See the <command moreinfo="none">client lanman > auth</command> to disable this for Samba's clients (such as smbclient)</para> > >- <para>If this option, and <command moreinfo="none">ntlm >- auth</command> are both disabled, then only NTLMv2 logins will be >- permited. Not all clients support NTLMv2, and most will require >- special configuration to use it.</para> >+ <para>This parameter is overriden by <parameter moreinfo="none">ntlm >+ auth</parameter>, so unless that it is also set to >+ <constant>ntlmv1-permitted</constant> or <constant>yes</constant>, >+ then only NTLMv2 logins will be permited and no LM hash will be >+ stored. All modern clients support NTLMv2, and but some older >+ clients require special configuration to use it.</para> > </description> > > <value type="default">no</value> >diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml >index dceae44d81b..dd5dbaea117 100644 >--- a/docs-xml/smbdotconf/security/ntlmauth.xml >+++ b/docs-xml/smbdotconf/security/ntlmauth.xml 
>@@ -19,11 +19,9 @@ > control NTLM authentiation for domain users, this must option must > be configured on each DC.</para> > >- <para>By default with <command moreinfo="none">lanman >- auth</command> set to <constant>no</constant> and >- <command moreinfo="none">ntlm auth</command> set to >+ <para>By default with <command moreinfo="none">ntlm auth</command> set to > <constant>ntlmv2-only</constant> only NTLMv2 logins will be >- permited. Most clients support NTLMv2 by default, but some older >+ permited. All modern clients support NTLMv2 by default, but some older > clients will require special configuration to use it.</para> > > <para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para> >@@ -35,6 +33,9 @@ > <para><constant>ntlmv1-permitted</constant> > (alias <constant>yes</constant>) - Allow NTLMv1 and above for all clients.</para> > >+ <para>This is the required setting for to enable the <parameter >+ moreinfo="none">lanman auth</parameter> parameter.</para> >+ > </listitem> > > <listitem> >-- >2.17.1 >
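Review bot: The paragraph added at the end of the lanmanauth.xml hunk has wording errors that will ship in the smb.conf man page: "overriden" should be "overridden", "unless that it is also set to" should read "unless that is also set to", "permited" should be "permitted", and "and but some older clients" should drop the "and". The same hunk moves "encrypt passwords" and "ntlm auth" to <parameter> markup but leaves "client lanman auth" in the unchanged context as <command>; converting it too would keep the paragraph consistent.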
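Review bot: In the first ntlmauth.xml hunk (@@ -19,11 +19,9 @@) the rewritten line still marks up "ntlm auth" as <command moreinfo="none">, while the lanmanauth.xml change in this same patch switches option names to <parameter>; use <parameter> here as well. The added line also keeps "permited", which should be "permitted", and the context lines just above show "authentiation" and "this must option must", which are worth correcting in the same pass.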
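Review bot: The sentence added under ntlmv1-permitted in the second ntlmauth.xml hunk (@@ -35,6 +33,9 @@) reads "This is the required setting for to enable the lanman auth parameter"; drop the stray "for". Since lanmanauth.xml now says "lanman auth" is overridden unless "ntlm auth" is ntlmv1-permitted or yes, it would help to state the converse here as well: with any other "ntlm auth" value, "lanman auth" has no effect.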
Flags: abartlet: review? (gary); gary: review+