author | Andrew Bartlett <abartlet@samba.org> | 2022-03-25 12:18:01 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-03-29 03:32:57 +0000 |
commit | d7a91a855c7edfb0e09c93cbe4c56df0437fa467 (patch) | |
tree | 6ce06380fe163906db4f01c045a6963537d4f145 | |
parent | 86f7e4e69059e77c35f451919365685d909024af (diff) | |
download | samba-d7a91a855c7edfb0e09c93cbe4c56df0437fa467.tar.gz |
s4-auth: Remove last traces of LanMan authentication support in the AD DC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184
-rw-r--r-- | WHATSNEW.txt | 5 |
-rw-r--r-- | docs-xml/smbdotconf/security/lanmanauth.xml | 4 |
-rw-r--r-- | source4/auth/ntlm/auth_sam.c | 4 |
3 files changed, 11 insertions, 2 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d23bede2da2..1bdf3a01cfb 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -66,6 +66,11 @@ server used as a front. REMOVED FEATURES ================ +LanMan Authentication and password storage removed from the AD DC +----------------------------------------------------------------- + +The storage and authentication with LanMan passwords has been entirely +removed from the Samba AD DC, even when "lanman auth = yes" is set. smb.conf changes ================ diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml index 842c12d9b64..045e89d94d6 100644 --- a/docs-xml/smbdotconf/security/lanmanauth.xml +++ b/docs-xml/smbdotconf/security/lanmanauth.xml @@ -45,6 +45,10 @@ then only NTLMv2 logins will be permitted and no LM hash will be stored. All modern clients support NTLMv2, and but some older clients require special configuration to use it.</para> + + <para><emphasis>This parameter has no impact on the Samba AD DC, + LM authentication is always disabled and no LM password is ever + stored.</emphasis></para> </description> <value type="default">no</value> diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 5a56076ac5b..14b6c707aa5 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -78,8 +78,8 @@ static NTSTATUS authsam_password_ok(struct auth4_context *auth_context, *lm_sess_key = data_blob(NULL, 0); *user_sess_key = data_blob(NULL, 0); status = hash_password_check(mem_ctx, - lpcfg_lanman_auth(auth_context->lp_ctx), - user_info->password.hash.lanman, + false, + NULL, user_info->password.hash.nt, user_info->mapped.account_name, NULL, nt_pwd); |
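Review bot: In the WHATSNEW.txt hunk, the new entry under "REMOVED FEATURES" says storage of LanMan passwords is removed but does not say what happens to LM hashes that an existing AD DC database already holds when it is upgraded. One more sentence stating whether such values are ignored, left in place or cleared would let administrators decide whether any cleanup is needed. The subject and verb also disagree in "The storage and authentication with LanMan passwords has been"; "have been" reads correctly.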
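Review bot: In the docs-xml/smbdotconf/security/lanmanauth.xml hunk, the added paragraph joins two independent statements with a comma ("This parameter has no impact on the Samba AD DC, LM authentication is always disabled ..."). Split them with a full stop or a colon so the man page reads cleanly. The context line just above the addition reads "and but some older clients", which could be corrected in the same patch since the description is being touched anyway.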
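Review bot: In the source4/auth/ntlm/auth_sam.c hunk, the call to hash_password_check() in authsam_password_ok() now passes bare `false` and `NULL` where `lpcfg_lanman_auth(auth_context->lp_ctx)` and `user_info->password.hash.lanman` used to be, so a later reader has no hint of what those two arguments mean or that the values are deliberate. Add a short comment above the call, or one per argument, saying that LanMan authentication is unconditionally disabled on the AD DC and that the client-supplied LanMan hash is intentionally not passed.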