client NTLMv2 auth

This parameter determines whether or not smbclient
8 will attempt to
authenticate itself to servers using the NTLMv2 encrypted password

If enabled, only an NTLMv2 and LMv2 response (both much more
secure than earlier versions) will be sent. Older servers
(including NT4 < SP4, Win9x and Samba 2.2) are not compatible with
NTLMv2 when not in an NTLMv2 supporting domain

Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth
authentication will be disabled. This also disables share-level

If disabled, an NTLM response (and possibly a LANMAN response)
will be sent by the client, depending on the value of client lanman auth.

Note that Windows Vista and later versions already use
NTLMv2 by default, and some sites (particularly those following
'best practice' security polices) only allow NTLMv2 responses, and
not the weaker LM or NTLM.

When is also set to
yes extended security (SPNEGO) is required
in order to use NTLMv2 only within NTLMSSP. This behavior was
introduced with the patches for CVE-2016-2111.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

client NTLMv2 auth
Registry PathSoftware\Policies\Samba\smb_conf\client NTLMv2 auth
Value Nameclient NTLMv2 auth
Default Value1
True Value1
False Value0


Administrative Templates (Computers)