author Andrew Bartlett <abartlet@samba.org> 2019-06-01 09:04:48 +1200
committer Andreas Schneider <asn@cryptomilk.org> 2019-06-04 22:13:07 +0000
commit dbf3e81f7f0b28c69dca004b32ea3a7344b0cad3
tree b27ec9a42de62fbfcdbc9289fad6f6b8481e5b77 /docs-xml
parent 046de055215615697619452f9735cfad01fdbb03
docs: Improve documentation of "lanman auth" and "ntlm auth" connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'docs-xml')
-rw-r--r-- docs-xml/smbdotconf/security/lanmanauth.xml 14
-rw-r--r-- docs-xml/smbdotconf/security/ntlmauth.xml 9
2 files changed, 13 insertions, 10 deletions
diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml
index a9e4f88b89f..97f2fb04dcb 100644
--- a/docs-xml/smbdotconf/security/lanmanauth.xml
+++ b/docs-xml/smbdotconf/security/lanmanauth.xml
@@ -24,16 +24,18 @@
auth is re-enabled later on.
</para>
- <para>Unlike the <command moreinfo="none">encrypt
- passwords</command> option, this parameter cannot alter client
+ <para>Unlike the <parameter moreinfo="none">encrypt
+ passwords</parameter> option, this parameter cannot alter client
behaviour, and the LANMAN response will still be sent over the
network. See the <command moreinfo="none">client lanman
auth</command> to disable this for Samba's clients (such as smbclient)</para>
- <para>If this option, and <command moreinfo="none">ntlm
- auth</command> are both disabled, then only NTLMv2 logins will be
- permited. Not all clients support NTLMv2, and most will require
- special configuration to use it.</para>
+ <para>This parameter is overriden by <parameter moreinfo="none">ntlm
+ auth</parameter>, so unless that it is also set to
+ <constant>ntlmv1-permitted</constant> or <constant>yes</constant>,
+ then only NTLMv2 logins will be permited and no LM hash will be
+ stored. All modern clients support NTLMv2, and but some older
+ clients require special configuration to use it.</para>
</description>
<value type="default">no</value>
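Review bot: The new paragraph describing the override by ntlm auth has wording errors that will land in the smb.conf man page: "overriden" should be "overridden", "unless that it is also set" should read "unless that is also set", "permited" should be "permitted", and "and but some older clients" has a stray "and". The hunk also converts the "encrypt passwords" reference from <command> to <parameter>, yet the unchanged "client lanman auth" reference a few lines below still uses <command>; converting it in the same patch would keep the markup consistent. Since the default shown here is "no" and the ntlmauth.xml text gives ntlmv2-only as the ntlm auth default, consider saying outright that setting lanman auth to yes on its own has no effect until ntlm auth is changed.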
diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
index dceae44d81b..dd5dbaea117 100644
--- a/docs-xml/smbdotconf/security/ntlmauth.xml
+++ b/docs-xml/smbdotconf/security/ntlmauth.xml
@@ -19,11 +19,9 @@
control NTLM authentiation for domain users, this must option must
be configured on each DC.</para>
- <para>By default with <command moreinfo="none">lanman
- auth</command> set to <constant>no</constant> and
- <command moreinfo="none">ntlm auth</command> set to
+ <para>By default with <command moreinfo="none">ntlm auth</command> set to
<constant>ntlmv2-only</constant> only NTLMv2 logins will be
- permited. Most clients support NTLMv2 by default, but some older
+ permited. All modern clients support NTLMv2 by default, but some older
clients will require special configuration to use it.</para>
<para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para>
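Review bot: The rewritten line still marks up "ntlm auth" with <command moreinfo="none">, while the lanmanauth.xml hunk in this same patch moves parameter names to <parameter moreinfo="none">; use <parameter> here too so both pages agree. The changed line also keeps "permited" (should be "permitted"), and "set to ntlmv2-only only NTLMv2 logins" needs a comma after the constant to read cleanly. The adjacent context carries "authentiation" and "this must option must", which could be fixed in the same pass.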
@@ -35,6 +33,9 @@
<para><constant>ntlmv1-permitted</constant>
(alias <constant>yes</constant>) - Allow NTLMv1 and above for all clients.</para>
+ <para>This is the required setting for to enable the <parameter
+ moreinfo="none">lanman auth</parameter> parameter.</para>
+
</listitem>
<listitem>
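Review bot: The added sentence reads "the required setting for to enable"; drop the stray "for" so it becomes "This is the required setting to enable the lanman auth parameter." Because it sits directly under the value described as "Allow NTLMv1 and above for all clients", it would help to state that turning on lanman auth therefore also means accepting NTLMv1 from all clients, so an administrator reading only this entry sees the full consequence.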