This parameter determines whether or not smbd
8 will attempt to
authenticate users or permit password changes
using the LANMAN password hash. If disabled, only clients which support NT
password hashes (e.g. Windows NT/2000 clients, smbclient, but not
Windows 95/98 or the MS DOS network client) will be able to
connect to the Samba host.
The LANMAN encrypted response is easily broken, due to it's
case-insensitive nature, and the choice of algorithm. Servers
without Windows 95/98/ME or MS DOS clients are advised to disable
this option.
Unlike the encrypt
passwords option, this parameter cannot alter client
behaviour, and the LANMAN response will still be sent over the
network. See the client lanman
auth to disable this for Samba's clients (such as smbclient)
If this option, and ntlm
auth are both disabled, then only NTLMv2 logins will be
permited. Not all clients support NTLMv2, and most will require
special configuration to use it.
yes