address bug #359. Andrew B's patch for implementing client

portion of NTLMv2 key exchange.  Also revert the default for
'client ntlmv2 auth' to no.  This caused no ends of grief in
different cases.

And based on abartlet's mail....

> All I care about at this point is that we use NTLMv2
> in our client code when connecting to a server that
> supports it.

There is *no* way to tell this.  The server can't tell us, because it
doesn't know what it's DC supports.  The DC can't tell us, because it
doesn't know what the trusted DC supports.  One DC might be Win2k, and
the PDC could be an older NT4.
(This used to be commit fe585d49cc3df0d71314ff43d3271d276d7d4503)

1 files changed, 6 insertions, 0 deletions

diff --git a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml
index 0bf196488b..611ebcd094 100644
--- a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml
+++ b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml
@@ -13,6 +13,12 @@
     (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with
     NTLMv2.  </para>
 
+    <para>Similarly, if enabled, NTLMv1, <command
+    moreinfo="none">client lanman auth</command> and <command
+    moreinfo="none">client plaintext auth</command>
+    authentication will be disabled.  This also disables share-level 
+    authentication. </para>
+
     <para>If disabled, an NTLM response (and possibly a LANMAN response)
     will be sent by the client, depending on the value of <command
     moreinfo="none">client lanman auth</command>.  </para>