From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 10 Feb 2022 05:15:58 +0000 (+1300)
Subject: s4-auth: Disable LM authenticaton in the AD DC despite "lanman auth = yes"
X-Git-Tag: tevent-0.12.0~406
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2dbc8b98435bd2dde93830a0aaa07053eda75bc6;p=thirdparty%2Fsamba.git

s4-auth: Disable LM authenticaton in the AD DC despite "lanman auth = yes"

LM authentication is very weak and a very bad idea, so has been deprecated since
Samba 4.11.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index cf0656ae0da..0625c4f1268 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -90,8 +90,8 @@ static NTSTATUS authsam_password_ok(struct auth4_context *auth_context,
 		
 	case AUTH_PASSWORD_RESPONSE:
 		status = ntlm_password_check(mem_ctx, 
-					     lpcfg_lanman_auth(auth_context->lp_ctx),
-						 lpcfg_ntlm_auth(auth_context->lp_ctx),
+					     false,
+					     lpcfg_ntlm_auth(auth_context->lp_ctx),
 					     user_info->logon_parameters, 
 					     &auth_context->challenge.data, 
 					     &user_info->password.response.lanman,