Use NTLMv2 Authentication with Samba
Trying to connect to Samba shares on a Linux host with a Windows 10 client, even after setting the client Security Policy to allow non-NTLMv2 authentication, the client still gives errors like "The specified password is not correct." when using valid account credentials.
It sounds like most systems can support NTLMv2 authentication, so I'd like to just enable it on my Samba host and no longer worry about supporting the older protocols. It sounds like Samba defaults to having the NTLMv2 option, but, what parameters do I need to set to satisfy Windows (i.e. use NTLMv2 only)?
Supposedly, Samba's defaults match the following values, but I had to set them explicitly:
lanman auth = no
ntlm auth = yes
client lanman auth = no
Check the Windows registry for the key:
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
If this is set to 0 then Windows will try to connect only using NTLMv1. I have seen this registry key set like this on several Windows 10 machines, and I'm not sure why. However, you can delete this registry key and Windows will revert to its default behavior which is to use NTLMv2 and connect to Samba 4 fine.