Good morning, I'm trying to set up a FreeRADIUS server for authentication against Active Directory. I followed the guide on deployingradius.com. In order to make everything work I have to set “ntlm auth = yes” in my smb.conf. This should enable NTLMv1 protocol that is well known to be broken. I also know that there is the possibility to set “ntlm auth = mschapv2-and-ntlmv2-only” but that’s not supported on my currently running SAMBA version. So these are my questions: - What are the risks that I’m taking if I leave “ntlm auth = yes” on my SAMBA server? - How can I avoid “ntlm auth = yes” without upgrading SAMBA? - If I decide to upgrade SAMBA and set “ntlm auth = mschapv2-and-ntlmv2-only” can I rest easy or I’m still being vulnerable in some way? Thank you for your attention, have a great day. Best regards