| 1 | <samba:parameter name="client ntlmv2 auth"
|
|---|
| 2 | context="G"
|
|---|
| 3 | type="boolean"
|
|---|
| 4 | advanced="1" developer="1"
|
|---|
| 5 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 6 | <description>
|
|---|
| 7 | <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
|
|---|
| 8 | <manvolnum>8</manvolnum></citerefentry> will attempt to
|
|---|
| 9 | authenticate itself to servers using the NTLMv2 encrypted password
|
|---|
| 10 | response.</para>
|
|---|
| 11 |
|
|---|
| 12 | <para>If enabled, only an NTLMv2 and LMv2 response (both much more
|
|---|
| 13 | secure than earlier versions) will be sent. Older servers
|
|---|
| 14 | (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with
|
|---|
| 15 | NTLMv2 when not in an NTLMv2 supporting domain</para>
|
|---|
| 16 |
|
|---|
| 17 | <para>Similarly, if enabled, NTLMv1, <command
|
|---|
| 18 | moreinfo="none">client lanman auth</command> and <command
|
|---|
| 19 | moreinfo="none">client plaintext auth</command>
|
|---|
| 20 | authentication will be disabled. This also disables share-level
|
|---|
| 21 | authentication. </para>
|
|---|
| 22 |
|
|---|
| 23 | <para>If disabled, an NTLM response (and possibly a LANMAN response)
|
|---|
| 24 | will be sent by the client, depending on the value of <command
|
|---|
| 25 | moreinfo="none">client lanman auth</command>. </para>
|
|---|
| 26 |
|
|---|
| 27 | <para>Note that Windows Vista and later versions already use
|
|---|
| 28 | NTLMv2 by default, and some sites (particularly those following
|
|---|
| 29 | 'best practice' security polices) only allow NTLMv2 responses, and
|
|---|
| 30 | not the weaker LM or NTLM.</para>
|
|---|
| 31 | </description>
|
|---|
| 32 | <value type="default">yes</value>
|
|---|
| 33 | </samba:parameter>
|
|---|
