moreinfo="none">ntlm_auth</command> tool).</para>
</listitem>
+ <listitem>
+ <para><constant>disabled</constant> - Do not allow NTLM (or
+ LanMan) authentication of any level as a server.</para>
+ </listitem>
+
</itemizedlist>
<para>The default changed from <constant>yes</constant> to
};
static const struct enum_list enum_ntlm_auth[] = {
+ {NTLM_AUTH_DISABLED, "disabled"},
{NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"},
{NTLM_AUTH_NTLMV2_ONLY, "no"},
{NTLM_AUTH_NTLMV2_ONLY, "false"},
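Review bot: With "disabled" now in enum_ntlm_auth, the existing "no" and "false" entries still map to NTLM_AUTH_NTLMV2_ONLY, so an administrator who writes `ntlm auth = no` to turn NTLM off keeps NTLMv2 enabled. The table should say so next to those aliases, for example `/* "no"/"false" are legacy aliases for ntlmv2-only; only "disabled" turns NTLM off */`. The documentation hunk could state the same thing, so the gap between the keyword and its effect is visible to whoever audits the configuration. The rest of the table lies outside the hunk, so any further aliases were not checked.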
DATA_BLOB tmp_sess_key;
const char *upper_client_domain = NULL;
+ if (ntlm_auth == NTLM_AUTH_DISABLED) {
+ DBG_WARNING("ntlm_password_check: NTLM authentication not "
+ "permitted by configuration.\n");
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+
if (client_domain != NULL) {
upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
if (upper_client_domain == NULL) {
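Review bot: The NTLM_AUTH_DISABLED guard sits only at the top of ntlm_password_check, so the documented promise of no NTLM or LanMan "of any level" holds only if every server-side response check passes through this function. The hunk does not show the rest of the file, so any sibling verification routine should be confirmed to reach this guard or carry its own. Placing the guard before any client-supplied data is touched is the right fail-closed order, and a comment would record that: `/* Reject before parsing any client response: "disabled" must fail closed. */`. The literal `ntlm_password_check: ` prefix in the message is redundant, since the DBG_* macros already prepend the function name. The function body starts and ends outside the hunk.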
#define __LIBCLI_AUTH_NTLM_CHECK_H__
/* mangled names options */
-enum ntlm_auth_level {NTLM_AUTH_ON,
+enum ntlm_auth_level {NTLM_AUTH_DISABLED, NTLM_AUTH_ON,
NTLM_AUTH_NTLMV2_ONLY,
NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY};
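Review bot: Putting NTLM_AUTH_DISABLED at the front of enum ntlm_auth_level renumbers every existing enumerator, so NTLM_AUTH_ON moves from 0 to 1 and a zero-initialised level now means "disabled". That default fails closed, but any code that stores, compares or passes the numeric value across a component boundary silently changes meaning. Callers outside this hunk are not visible, so this needs checking. Explicit values would make the intent reviewable, e.g. `enum ntlm_auth_level {NTLM_AUTH_DISABLED = 0, NTLM_AUTH_ON = 1,`, or the new member could be appended if the old numbering must stay stable. The comment above the enum, `/* mangled names options */`, does not describe it and could become `/* "ntlm auth" levels; 0 (disabled) is the fail-closed value */`.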