Disable lanman authentication by default in Samba 4.

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index aa99b2ed6fbb11bd6904c430979f16b3028189d2..292a2d2dd6bb9139c2c86722a77ecf70e2c85754 100755 (executable)
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -578,6 +578,7 @@ sub write_clientconf($$)
        notify:inotify = false
        ldb:nosync = true
        system:anonymous = true
+       client lanman auth = Yes
        torture:basedir = $prefix_abs/client
 #We don't want to pass our self-tests if the PAC code is wrong
        gensec:require_pac = true

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 8c79a31448836153d4f7b5a53e3e65c2101750e8..5cc34c76fd5948924c11fd3a40298ee7e0a5346b 100644 (file)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -572,6 +572,7 @@ sub provision($$$$$$)
 #We don't want to pass our self-tests if the PAC code is wrong
        gensec:require_pac = true
        log level = $server_loglevel
+       lanman auth = Yes
 
 [tmp]
        path = $tmpdir

diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index a019c951de7eb76004c4c6dcb6996f67c894f5cb..18b3dcf75d831be15c44b266989ba6ee9ee4d00c 100644 (file)
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -2361,8 +2361,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lp_do_global_parameter(lp_ctx, "TimeServer", "False");
        lp_do_global_parameter(lp_ctx, "BindInterfacesOnly", "False");
        lp_do_global_parameter(lp_ctx, "Unicode", "True");
-       lp_do_global_parameter(lp_ctx, "ClientLanManAuth", "True");
-       lp_do_global_parameter(lp_ctx, "LanmanAuth", "True");
+       lp_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
+       lp_do_global_parameter(lp_ctx, "LanmanAuth", "False");
        lp_do_global_parameter(lp_ctx, "NTLMAuth", "True");
        lp_do_global_parameter(lp_ctx, "client use spnego principal", "False");