Migrate to NTLM V2
in [Samba]
|
From: Jeremy Allison on 8 Jul 2010 17:30 On Thu, Jul 08, 2010 at 01:19:20PM +0200, Martin Hochreiter wrote: > Hi! > > We have a Samba 3.5.4 PDC with openldap database and > we are using currently ntlm (V1) > > We want to use ntlmV2 and I want to know what is necessary > to do that - > is it just the change of the conf options or do we have to convert > the ldap - stored ntlm (V1) hashes to ntlmV2 before we can use it? The hashes stored are not NTLMv1 or v2, that's the protocol that uses the hashes. The stored hashes are MD4. So you don't need to convert any hashes in LDAP to go to NTLMv2 protocol security. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Martin Hochreiter on 9 Jul 2010 03:00 > The hashes stored are not NTLMv1 or v2, that's the protocol > that uses the hashes. The stored hashes are MD4. So you don't > need to convert any hashes in LDAP to go to NTLMv2 protocol > security. > > Jeremy. > > Thank you Jeremy ... that makes things much easier :) regards martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Gaiseric Vandal on 9 Jul 2010 06:40 Can you post the list if this works? A while back I tried changing smb.conf settings to require NTLM v2. I then tried logging in (via remote desktop) to a Win 2003 machine and was unable too. This wasn't critical so changed smb.conf back to allowing NTLM v1. -----Original Message----- From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On Behalf Of Martin Hochreiter Sent: Friday, July 09, 2010 2:54 AM To: samba(a)lists.samba.org Subject: Re: [Samba] Migrate to NTLM V2 > The hashes stored are not NTLMv1 or v2, that's the protocol > that uses the hashes. The stored hashes are MD4. So you don't > need to convert any hashes in LDAP to go to NTLMv2 protocol > security. > > Jeremy. > > Thank you Jeremy ... that makes things much easier :) regards martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Martin Hochreiter on 9 Jul 2010 11:30 Am 09.07.2010 12:35 schrieb Gaiseric Vandal: > Can you post the list if this works? A while back I tried changing smb.conf > settings to require NTLM v2. I then tried logging in (via remote desktop) > to a Win 2003 machine and was unable too. This wasn't critical so changed > smb.conf back to allowing NTLM v1. > If I don't forget to post after testing, I will :) We do have to test squid & samba auth as well as freeradius and samba auth first with the new ntlmV2. That will take some time ... regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: File owner SID instead of name showing for one user Next: How to regenerate passdb.tdb |