2821 – Samba 3's ntlm auth option is ignored

Bug 2821 - Samba 3's ntlm auth option is ignored

Summary: Samba 3's ntlm auth option is ignored

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	File Services (show other bugs)
Version:	3.0.14a
Hardware:	All All

Importance:	P3 normal
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-06-23 12:04 UTC by mvolaski
Modified:	2005-07-15 15:52 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mvolaski 2005-06-23 12:04:04 UTC

When logging into samba-2.2.8a that is utilizing smbpasswd with encrypted password = Yes, it 
appears that passwords were not case-sensitive (and therefore NTLM passwords could not be used).

I'm assuming there was a bug (not posted here) that had been fixed since passwords in 3.0.14a are 
case-sensitive. 

There is a new option called ntlm auth. Presumably, setting that to "No" should disable NTLM 
authentication and allow mixed-case passwords to be accepted via LM (assuming NTLMv2 is disabled 
on the client). It appears that is not the case and setting this option to "No" is ignored.

Comment 1 Andrew Bartlett 2005-06-28 05:20:10 UTC

The only bug here would be to documentation.  There is deliberatly no way to
force Samba to ignore an NT response in favor of the less secure LM response.  

The ntlm auth parameter is about upgrading, not downgrading the level of
security on the host.  It causes only NTLMv2 and kerberos logins to be accepted.

Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-07-15 15:52:45 UTC

andrew says behavior by design.