CompTIA CASP+ Practice Test

What setting on a Unix server might prevent Windows users from authenticating to a CIFS share?

• A. Allow LM and NTLM authentication
• B. Refuse LM and only accept NTLMv2
• C. Disable all authentication protocols
• D. Require Kerberos authentication only

The correct answer is: Refuse LM and only accept NTLMv2

The choice of refusing LM and only accepting NTLMv2 is significant because it relates directly to the compatibility of authentication methods between Unix and Windows systems. When a Unix server is configured to refuse LM (LAN Manager) authentication, it will only allow the more secure NTLMv2 protocol. Many older Windows clients and some applications may still rely on LM for authentication, leading them to fail to authenticate when they attempt to access a CIFS (Common Internet File System) share on the Unix server. This creates a barrier for Windows users who cannot connect due to the lack of support for NTLMv2 in their configuration. In contrast: - Allowing LM and NTLM authentication would enable both older and newer clients to authenticate, providing broader access for Windows users. - Disabling all authentication protocols would effectively prevent any authentication, but that would cut off access entirely to everyone, rather than specifically preventing Windows users. - Requiring Kerberos authentication only might restrict access to clients that properly support and are configured for Kerberos, which includes many modern Windows systems, but still presents a potential compatibility issue with older versions or improperly configured systems. Thus, the refusal of LM combined with the requirement for NTLMv2 specifically hinders Windows users who depend on the older