diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-07-24 14:09:19 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-08-17 10:38:21 +0200 |
commit | a727c56ccc13dd538b5ca502b6ee8432fc2a3944 (patch) | |
tree | f181434aed23af9042bed3463cbc193322394580 /docs-xml | |
parent | 67612bbe87bc61886daf407851c83511fa991e79 (diff) | |
download | samba-a727c56ccc13dd538b5ca502b6ee8432fc2a3944.tar.gz |
smb.conf: Explain that "ntlm auth" is a per-passdb setting
This parameter has always applied to this passdb only, not to domain
authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12929
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9d4a9bd3cc6d5031b4cb6120be8d261350a8bdfc)
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/smbdotconf/security/ntlmauth.xml | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml index f0969bf9ed2..dceae44d81b 100644 --- a/docs-xml/smbdotconf/security/ntlmauth.xml +++ b/docs-xml/smbdotconf/security/ntlmauth.xml @@ -6,8 +6,18 @@ <description> <para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> will attempt to - authenticate users using the NTLM encrypted password response. - If disabled, NTLM and LanMan authencication is disabled server-wide.</para> + authenticate users using the NTLM encrypted password response for + this local passdb (SAM or account database). </para> + + <para>If disabled, both NTLM and LanMan authencication against the + local passdb is disabled.</para> + + <para>Note that these settings apply only to local users, + authentication will still be forwarded to and NTLM authentication + accepted against any domain we are joined to, and any trusted + domain, even if disabled or if NTLMv2-only is enforced here. To + control NTLM authentiation for domain users, this must option must + be configured on each DC.</para> <para>By default with <command moreinfo="none">lanman auth</command> set to <constant>no</constant> and @@ -41,8 +51,8 @@ </listitem> <listitem> - <para><constant>disabled</constant> - Do not allow NTLM (or - LanMan) authentication of any level as a server, nor permit + <para><constant>disabled</constant> - Do not accept NTLM (or + LanMan) authentication of any level, nor permit NTLM password changes.</para> </listitem> |