From: Jeremy Allison on
On Thu, Jul 08, 2010 at 01:19:20PM +0200, Martin Hochreiter wrote:
> Hi!
>
> We have a Samba 3.5.4 PDC with openldap database and
> we are using currently ntlm (V1)
>
> We want to use ntlmV2 and I want to know what is necessary
> to do that -
> is it just the change of the conf options or do we have to convert
> the ldap - stored ntlm (V1) hashes to ntlmV2 before we can use it?

The hashes stored are not NTLMv1 or v2, that's the protocol
that uses the hashes. The stored hashes are MD4. So you don't
need to convert any hashes in LDAP to go to NTLMv2 protocol
security.

Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Martin Hochreiter on

> The hashes stored are not NTLMv1 or v2, that's the protocol
> that uses the hashes. The stored hashes are MD4. So you don't
> need to convert any hashes in LDAP to go to NTLMv2 protocol
> security.
>
> Jeremy.
>
>
Thank you Jeremy ... that makes things much easier :)

regards
martin
From: Gaiseric Vandal on
Can you post to the list if this works? A while back I tried changing smb.conf
settings to require NTLM v2. I then tried logging in (via remote desktop)
to a Win 2003 machine and was unable to. This wasn't critical so changed
smb.conf back to allowing NTLM v1.

-----Original Message-----
From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org]
On Behalf Of Martin Hochreiter
Sent: Friday, July 09, 2010 2:54 AM
To: samba(a)lists.samba.org
Subject: Re: [Samba] Migrate to NTLM V2

> The hashes stored are not NTLMv1 or v2, that's the protocol
> that uses the hashes. The stored hashes are MD4. So you don't
> need to convert any hashes in LDAP to go to NTLMv2 protocol
> security.
>
> Jeremy.
>
>
Thank you Jeremy ... that makes things much easier :)

regards
martin
From: Martin Hochreiter on
On 09.07.2010 12:35, Gaiseric Vandal wrote:
> Can you post to the list if this works? A while back I tried changing smb.conf
> settings to require NTLM v2. I then tried logging in (via remote desktop)
> to a Win 2003 machine and was unable to. This wasn't critical so changed
> smb.conf back to allowing NTLM v1.
>

If I don't forget to post after testing, I will :)

We do have to test squid & samba auth as well as
freeradius and samba auth first with the new ntlmV2.

That will take some time ...

regards
Martin