Q: 128-bit Samba Authentication

Question

Scott Ticknor

Level 1 (0 points)

Q: 128-bit Samba Authentication

I have a windows 7 domain machine that has a security policy that requires 128-bit NTLM encryption for accessing SMB shares. Assuming the policy must remain unchanged, is there any way to configure OS X Server (El Cap/Server app 5) to understand the 128-bit requests? All searches only mention that one should disable 128 bit on the windows client but that is not an option. Does OS X 10.11 samba support this configuration?

Posted on Dec 18, 2015 10:58 AM

I have this question too

Solved

MrHoffman

Level 6 (15,627 points)

Mac OS X

A:

It's reportedly an Apple-developed SMB / SMB2 / CIFS server (Ars), and not a fork of Samba.

Microsoft Active Directory / LDAP / Kerberos is the recommended approach and the upgrade path here, given that Microsoft is no longer recommending use of NTLM (MS) — the NTLM crypto used is old and crufty and known to be very weak.

Posted on Dec 18, 2015 12:39 PM

Q: 128-bit Samba Authentication

All replies

Helpful answers

by MrHoffman,

MrHoffman Dec 18, 2015 11:57 AM in response to Scott Ticknor
Level 6 (15,627 points)

Mac OS X

Dec 18, 2015 11:57 AM in response to Scott Ticknor

OS X does not include Samba; not since 10.6. Apple indicates 128-bit is not supported.
Reply options

Link to this post

by Scott Ticknor,

Scott Ticknor Dec 18, 2015 12:02 PM in response to MrHoffman
Level 1 (0 points)

Dec 18, 2015 12:02 PM in response to MrHoffman

Yes, sorry, i realize it is no longer "real" Samba but some forked variant. I was afraid that 128 was not supported. Thanks,
Reply options

Link to this post

Accepted Answer · Dec 18, 2015 12:39 PM

MrHoffman

Level 6 (15,627 points)

Mac OS X

Dec 18, 2015 12:39 PM in response to Scott Ticknor

It's reportedly an Apple-developed SMB / SMB2 / CIFS server (Ars), and not a fork of Samba.

Microsoft Active Directory / LDAP / Kerberos is the recommended approach and the upgrade path here, given that Microsoft is no longer recommending use of NTLM (MS) — the NTLM crypto used is old and crufty and known to be very weak.

Q: 128-bit Samba Authentication

All replies Helpful answers

by MrHoffman,

by Scott Ticknor,

by MrHoffman,Solvedanswer

All replies

Helpful answers