The Samba-Bugzilla – Bug 2821
Samba 3's ntlm auth option is ignored
Last modified: 2005-07-15 15:52:45 UTC
When logging into samba-2.2.8a that is utilizing smbpasswd with encrypted password = Yes, it
appears that passwords were not case-sensitive (and therefore NTLM passwords could not be used).
I'm assuming there was a bug (not posted here) that had been fixed since passwords in 3.0.14a are
There is a new option called ntlm auth. Presumably, setting that to "No" should disable NTLM
authentication and allow mixed-case passwords to be accepted via LM (assuming NTLMv2 is disabled
on the client). It appears that is not the case and setting this option to "No" is ignored.
The only bug here would be to documentation. There is deliberatly no way to
force Samba to ignore an NT response in favor of the less secure LM response.
The ntlm auth parameter is about upgrading, not downgrading the level of
security on the host. It causes only NTLMv2 and kerberos logins to be accepted.
andrew says behavior by design.