diff options
| author | John Terpstra <jht@samba.org> | 2003-04-25 04:36:08 +0000 |
|---|---|---|
| committer | John Terpstra <jht@samba.org> | 2003-04-25 04:36:08 +0000 |
| commit | 7aa3d6c2ad2ce7ba5dd76ccd03fdf90da672ed93 (patch) | |
| tree | 753af935c11a029320b8dc1d03b5b92f7f5f54b1 /docs/docbook/projdoc/securing-samba.sgml | |
| parent | 803f2570325df38220cfc6b54dabaa2758b4fe75 (diff) | |
| download | samba-7aa3d6c2ad2ce7ba5dd76ccd03fdf90da672ed93.tar.gz samba-7aa3d6c2ad2ce7ba5dd76ccd03fdf90da672ed93.tar.bz2 samba-7aa3d6c2ad2ce7ba5dd76ccd03fdf90da672ed93.zip | |
Fixing typos.
(This used to be commit fe13a878d50f325482c6d626ed5dd6e399e4b853)
Diffstat (limited to 'docs/docbook/projdoc/securing-samba.sgml')
| -rw-r--r-- | docs/docbook/projdoc/securing-samba.sgml | 49 |
1 files changed, 38 insertions, 11 deletions
diff --git a/docs/docbook/projdoc/securing-samba.sgml b/docs/docbook/projdoc/securing-samba.sgml index e9e8c4f9f8..eedc7ba725 100644 --- a/docs/docbook/projdoc/securing-samba.sgml +++ b/docs/docbook/projdoc/securing-samba.sgml @@ -2,6 +2,7 @@ <chapterinfo> &author.tridge; + &author.jht; <pubdate>17 March 2003</pubdate> </chapterinfo> @@ -36,8 +37,8 @@ might be: </para> <para><programlisting> - hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 - hosts deny = 0.0.0.0/0 + hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 + hosts deny = 0.0.0.0/0 </programlisting></para> <para> @@ -66,8 +67,8 @@ You can change this behaviour using options like the following: </para> <para><programlisting> - interfaces = eth* lo - bind interfaces only = yes + interfaces = eth* lo + bind interfaces only = yes </programlisting></para> <para> @@ -105,10 +106,10 @@ UDP ports to allow and block. Samba uses the following: </para> <para><programlisting> -UDP/137 - used by nmbd -UDP/138 - used by nmbd -TCP/139 - used by smbd -TCP/445 - used by smbd + UDP/137 - used by nmbd + UDP/138 - used by nmbd + TCP/139 - used by smbd + TCP/445 - used by smbd </programlisting></para> <para> @@ -135,9 +136,9 @@ To do that you could use: </para> <para><programlisting> - [ipc$] - hosts allow = 192.168.115.0/24 127.0.0.1 - hosts deny = 0.0.0.0/0 + [ipc$] + hosts allow = 192.168.115.0/24 127.0.0.1 + hosts deny = 0.0.0.0/0 </programlisting></para> <para> @@ -164,6 +165,32 @@ methods listed above for some reason. </sect1> <sect1> +<title>NTLMv2 Security</title> + +<para> +To configure NTLMv2 authentication the following registry keys are worth knowing about: +</para> + +<para> +<programlisting> + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] + "lmcompatibilitylevel"=dword:00000003 + + 0x3 - Send NTLMv2 response only. Clients will use NTLMv2 authentication, + use NTLMv2 session security if the server supports it. Domain + controllers accept LM, NTLM and NTLMv2 authentication. + + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0] + "NtlmMinClientSec"=dword:00080000 + + 0x80000 - NTLMv2 session security. If either NtlmMinClientSec or + NtlmMinServerSec is set to 0x80000, the connection will fail if NTLMv2 + session security is not negotiated. +</programlisting> +</para> +</sect1> + +<sect1> <title>Upgrading Samba</title> <para> |