• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?

  • Subject: Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
  • From: Paul Nelson <email@hidden>
  • Date: Thu, 26 Mar 2009 11:53:31 -0500
  • Thread-topic: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
I think what you meant to refer users to is
    man nsmb.conf

This seems to support what people need when the settings are put in
/etc/nsmb.conf:
    [default]
    minauth=ntlmv2

I did a few tests and this setting works properly, not sending anything
weaker than ntlmv2 even if a user sets up their own nsmb.conf file in
~/Library/Preferences

I don't see anything pertaining to smb signing policy here though.

Paul Nelson
Thursby Software Systems Inc.

> From: Allan Marcus <email@hidden>
> Date: Wed, 25 Mar 2009 14:48:45 -0600
> To: Apple Fed Talk <email@hidden>
> Subject: Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next
> release of OS/X support NTLMV2?
>
> edit /etc/smb.conf
> client ntlmv2 auth = yes
>
> man smb.conf
> and search for "client ntlmv2 auth"
>
> ---
> Thanks,
>
> Allan Marcus
> 505-667-5666
>
>
>
> On Mar 25, 2009, at 8:24 AM, Paul Nelson wrote:
>
>> One point you need to be aware of, and ask Apple about:
>>
>> Can you configure your Mac to ONLY use NTLMv2/Kerberos?
>> Furthermore, can
>> you prevent a user from changing that configuration?
>>
>> The same goes for the old LanMan hash or even clear text passwords.
>>
>>
>> Paul Nelson
>> Thursby Software Systems, Inc.
>>
>>
>>> From: "Miller, Timothy J." <email@hidden>
>>> Date: Wed, 25 Mar 2009 09:15:46 -0400
>>> To: "'Jacob, Raymond A Jr'" <email@hidden>, Apple Fed Talk
>>> <email@hidden>
>>> Subject: RE: [Fed-Talk] Does Leopard support NTLMv2? or Rather will
>>> the next
>>> release of OS/X support NTLMV2?
>>>
>>> Believe me, you don't want support for *any* NTLM protocols.  The
>>> NT hash is
>>> the equivalent of the password; in other words, if I have your NT
>>> hash I
>>> don't need to know what the password is.
>>>
>>> http://oss.coresecurity.com/projects/pshtoolkit.htm
>>>
>>> -- Tim
>>>
>>>
>>>> -----Original Message-----
>>>> From: fed-talk-bounces+tmiller=email@hidden
>>>> [mailto:fed-
>>>> talk-bounces+tmiller=email@hidden] On Behalf Of Jacob,
>>>> Raymond A Jr
>>>> Sent: Tuesday, March 24, 2009 3:15 PM
>>>> To: email@hidden
>>>> Subject: [Fed-Talk] Does Leopard support NTLMv2? or Rather will
>>>> the next
>>>> release of OS/X support NTLMV2?
>>>>
>>>> I found a discussion about this topic on the list.
>>>> However, the thread occurred a few years ago.
>>>> Googling for this topic, I that there was a mention
>>>> that Thursby might support NTLMv2.
>>>> Question:
>>>> Does Leopard support NTLMv2?
>>>> Or, Rather will the next release of OS/X support NTLMV2?
>>>>
>>>> r/Raymond
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Fed-talk mailing list      (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list      (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list      (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
      • From: Allan Marcus <email@hidden>
References: 
 >Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2? (From: Allan Marcus <email@hidden>)

  • Prev by Date: [Fed-Talk] The Omni Group - OmniGraphSketcher
  • Next by Date: [Fed-Talk] Cac not being read correctly
  • Previous by thread: Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
  • Next by thread: Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
  • Index(es):
    • Date
    • Thread