| blob | 60e1c86809e24a4bb805e742db4e83f73296938d |
1 <samba:parameter name="client lanman auth"
2 context="G"
3 type="boolean"
4 deprecated="1"
5 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
6 <description>
7 <para>This parameter has been deprecated since Samba 4.13 and
8 support for LanMan (as distinct from NTLM, NTLMv2 or
9 Kerberos) authentication as a client
10 will be removed in a future Samba release.</para>
11 <para>That is, in the future, the current default of
12 <command>client NTLMv2 auth = yes</command>
13 will be the enforced behaviour.</para>
15 <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
16 <manvolnum>8</manvolnum></citerefentry> and other samba client
17 tools will attempt to authenticate itself to servers using the
18 weaker LANMAN password hash. If disabled, only server which support NT
19 password hashes (e.g. Windows NT/2000, Samba, etc... but not
20 Windows 95/98) will be able to be connected from the Samba client.</para>
22 <para>The LANMAN encrypted response is easily broken, due to its
23 case-insensitive nature, and the choice of algorithm. Clients
24 without Windows 95/98 servers are advised to disable
25 this option. </para>
27 <para>Disabling this option will also disable the <command
28 moreinfo="none">client plaintext auth</command> option.</para>
30 <para>Likewise, if the <command moreinfo="none">client ntlmv2
31 auth</command> parameter is enabled, then only NTLMv2 logins will be
32 attempted.</para>
33 </description>
35 <value type="default">no</value>
36 </samba:parameter>