and <command moreinfo="none">ntlm auth</command> are all disabled,
then only clients with SPNEGO support will be permitted.
That means NTLMv2 is only supported within NTLMSSP.</para>
-
- <para>Note that the default will change to "no" with Samba 4.5.</para>
</description>
-<value type="default">yes</value>
-<value type="example">no</value>
+<related>lanman auth</related>
+<related>ntlm auth</related>
+<value type="default">no</value>
</samba:parameter>
lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "True");
- lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "True");
+ lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
lpcfg_do_global_parameter(lp_ctx, "UnixExtensions", "True");
Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
Globals.lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
Globals.ntlm_auth = true; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
- Globals.raw_ntlmv2_auth = true; /* Allow NTLMv2 without NTLMSSP */
+ Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
/* Note, that we will also use NTLM2 session security (which is different), if it is available */