Use NTLMv2 Authentication with Samba

samba4 windows samba windows-10
43,727

Solution 1

Supposedly, Samba's defaults match the following values, but I had to set them explicitly:

lanman auth = no
ntlm auth = yes
client lanman auth = no

Solution 2

Check the Windows registry for the key:

HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

If this is set to 0 then Windows will try to connect only using NTLMv1. I have seen this registry key set like this on several Windows 10 machines, and I'm not sure why. However, you can delete this registry key and Windows will revert to its default behavior which is to use NTLMv2 and connect to Samba 4 fine.

Share:
43,727

Related videos on Youtube

palswim
Author by

palswim

Updated on September 18, 2022

Comments

  • palswim
    palswim 19 days

    Trying to connect to Samba shares on a Linux host with a Windows 10 client, even after setting the client Security Policy to allow non-NTLMv2 authentication, the client still gives errors like "The specified password is not correct." when using valid account credentials.

    It sounds like most systems can support NTLMv2 authentication, so I'd like to just enable it on my Samba host and no longer worry about supporting the older protocols. It sounds like Samba defaults to having the NTLMv2 option, but, what parameters do I need to set to satisfy Windows (i.e. use NTLMv2 only)?

  • Lectrode
    Lectrode about 4 years
    Ran into the same issue using samba 4.8.5. Your solution still works. Thank you!
  • Lectrode
    Lectrode about 4 years
    Upon further investigation, it looks like ntlm auth = ntlmv2-only is default. This will not work if Windows is set to NTVLM2 responses only to LM and NTLM - use NTLMV2 session security if negotiated. It will only work if Windows is set to Send NTLMv2 response only. Setting ntlm auth = yes allows NTLMv1 and above, which allows Windows to start with less secure protocol, but negotiate higher.
  • Elliott B
    Elliott B 10 months
    yes is an alias for ntlmv1-permitted so this doesn't answer the question. This actually does the opposite, i.e. enabling NTLMv1.

Recents

How to control Windows 10 via Linux terminal?
Why am I getting some extra, weird characters when making a file from grep output?
Unix to verify file has no content and empty lines
BASH: can grep on command line, but not in script
Safari on iPad occasionally doesn't recognize ASP.NET postback links
anchor tag not working in safari (ios) for iPhone/iPod Touch/iPad
Logging SOAP request and response on server side
How to delete system.profile collection from a MongoDB?
Using Tomcat, @WebFilter doesn't work with <filter-mapping> inside web.xml
Externalize Tomcat configuration
Datapump import is unable to open the log file
Is there a comprehensive list of tomcat roles?

Related

Windows 10 Home cannot connect to samba share on Linux
Store Windows print driver on Samba for a CUPS print server
smbclient tree connect failed nt_status_bad_network_name when folder exists
'sed' is not recognized as an internal or external command (Windows 10)
Internet explorer ignores flash mms.cfg settings
Displaying GUI Application in Docker Container on Windows 10 Host Without Linux Servers
How to get user password expiration date from Active Directory?
Using Git with a Samba shared folder
Visual Studio 2015 slow
Windows 10 Bluetooth Low Energy Connection c#