Univention Bugzilla – Bug 41034
Set "ntlm auth = no" in smb.conf (Samba/AD)
Last modified: 2016-09-21 18:10:15 CEST
+++ This bug was initially created as a clone of Bug #41033 +++
Without 'ntlm auth = no', there may still be clients not using NTLMv2. The elder original protocol version sends the password hashes across the wire, which may be observed and brute-forced easily. As far as I currently know Samba/AD DCs running 4.3.7 will default to this setting, but for member/file-servers it would be good to adjust the default too.
We should also consider setting "smb signing = required", which also appears to be default for Samba 4.3.7 AD DCs.
It's "server signing = mandatory" instead of "smb signing = required".
FAIL - new ucr vars descriptions
make: Entering directory `/var/build/temp/tmp.GeeqAE1W3b/univention-samba4-5.0.1'
Incomplete entries in variable definition univention-samba4.univention-config-registry-variables
univention-samba4.univention-config-registry-variables is not up-to-date.
OK - no changes in default settings
OK - new ucr vars
Fixed, rebuilt, advisory updated.
(In reply to Arvid Requate from comment #5)
> Fixed, rebuilt, advisory updated.
OK - ucr desc
OK - YAML