summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/clientntlmv2auth.xml
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /docs-xml/smbdotconf/security/clientntlmv2auth.xml
parentInitial commit. (diff)
downloadsamba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz
samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs-xml/smbdotconf/security/clientntlmv2auth.xml')
-rw-r--r--docs-xml/smbdotconf/security/clientntlmv2auth.xml46
1 files changed, 46 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/clientntlmv2auth.xml b/docs-xml/smbdotconf/security/clientntlmv2auth.xml
new file mode 100644
index 0000000..9b47944
--- /dev/null
+++ b/docs-xml/smbdotconf/security/clientntlmv2auth.xml
@@ -0,0 +1,46 @@
+<samba:parameter name="client NTLMv2 auth"
+ context="G"
+ type="boolean"
+ deprecated="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter has been deprecated since Samba 4.13 and
+ support for NTLM and LanMan (as distinct from NTLMv2 or
+ Kerberos authentication)
+ will be removed in a future Samba release.</para>
+ <para>That is, in the future, the current default of
+ <command>client NTLMv2 auth = yes</command>
+ will be the enforced behaviour.</para>
+
+ <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to
+ authenticate itself to servers using the NTLMv2 encrypted password
+ response.</para>
+
+ <para>If enabled, only an NTLMv2 and LMv2 response (both much more
+ secure than earlier versions) will be sent. Older servers
+ (including NT4 &lt; SP4, Win9x and Samba 2.2) are not compatible with
+ NTLMv2 when not in an NTLMv2 supporting domain</para>
+
+ <para>Similarly, if enabled, NTLMv1, <command
+ moreinfo="none">client lanman auth</command> and <command
+ moreinfo="none">client plaintext auth</command>
+ authentication will be disabled. This also disables share-level
+ authentication. </para>
+
+ <para>If disabled, an NTLM response (and possibly a LANMAN response)
+ will be sent by the client, depending on the value of <command
+ moreinfo="none">client lanman auth</command>. </para>
+
+ <para>Note that Windows Vista and later versions already use
+ NTLMv2 by default, and some sites (particularly those following
+ 'best practice' security polices) only allow NTLMv2 responses, and
+ not the weaker LM or NTLM.</para>
+
+ <para>When <smbconfoption name="client use spnego"/> is also set to
+ <constant>yes</constant> extended security (SPNEGO) is required
+ in order to use NTLMv2 only within NTLMSSP. This behavior was
+ introduced with the patches for CVE-2016-2111.</para>
+</description>
+<value type="default">yes</value>
+</samba:parameter>