| Line | |
|---|
| 1 | <samba:parameter name="client lanman auth"
|
|---|
| 2 | context="G"
|
|---|
| 3 | type="boolean"
|
|---|
| 4 | advanced="1" developer="1"
|
|---|
| 5 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 6 | <description>
|
|---|
| 7 | <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
|
|---|
| 8 | <manvolnum>8</manvolnum></citerefentry> and other samba client
|
|---|
| 9 | tools will attempt to authenticate itself to servers using the
|
|---|
| 10 | weaker LANMAN password hash. If disabled, only server which support NT
|
|---|
| 11 | password hashes (e.g. Windows NT/2000, Samba, etc... but not
|
|---|
| 12 | Windows 95/98) will be able to be connected from the Samba client.</para>
|
|---|
| 13 |
|
|---|
| 14 | <para>The LANMAN encrypted response is easily broken, due to its
|
|---|
| 15 | case-insensitive nature, and the choice of algorithm. Clients
|
|---|
| 16 | without Windows 95/98 servers are advised to disable
|
|---|
| 17 | this option. </para>
|
|---|
| 18 |
|
|---|
| 19 | <para>Disabling this option will also disable the <command
|
|---|
| 20 | moreinfo="none">client plaintext auth</command> option.</para>
|
|---|
| 21 |
|
|---|
| 22 | <para>Likewise, if the <command moreinfo="none">client ntlmv2
|
|---|
| 23 | auth</command> parameter is enabled, then only NTLMv2 logins will be
|
|---|
| 24 | attempted.</para>
|
|---|
| 25 | </description>
|
|---|
| 26 |
|
|---|
| 27 | <value type="default">no</value>
|
|---|
| 28 | </samba:parameter>
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
