Change to Samba default config in Samba 4.5.0
Just for this lists attention as it may affect some people here. Note the warning at the top of the latest Samba Release Notes, copied below. I haven't tested it, but it could potentially affect people authenticating against Samba as a domain controller (but probably not winbind to Microsoft AD). Probably another good hint that MSCHAPv2 is ancient, and something like EAP-TLS would be more appropriate today... :) Thanks, Matthew Release Announcements --------------------- This is the first stable release of the Samba 4.5 release series. UPGRADING ========= NTLMv1 authentication disabled by default ----------------------------------------- In order to improve security we have changed the default value for the "ntlm auth" option from "yes" to "no". This may have impact on very old clients which doesn't support NTLMv2 yet. The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x. By default, Samba will only allow NTLMv2 via NTLMSSP now, as we have the following default "lanman auth = no", "ntlm auth = no" and "raw NTLMv2 auth = no". ..... ----- End forwarded message ----- -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
participants (1)
-
Matthew Newton