[Samba] SASL DIGEST-MD5 NT_STATUS_INVALID_PARAMETER
Arthur Ramsey
arthur_ramsey at mediture.com
Fri Jul 10 16:45:04 UTC 2015
That's too bad, I was trying to get the Vasco Identikey server working
with samba4 as a backend for FIPS 140-2 compliant OTP, which will only
bind with DIGEST-MD5. I guess I will have to join a Windows 2008 R2 to
the domain as a domain controller.
Thanks for clarifying,
Arthur
On 07/10/2015 04:38 AM, Andrew Bartlett wrote:
> On Tue, 2015-07-07 at 15:10 -0500, Arthur Ramsey wrote:
>> I've googled and I believe that SASL method DIGEST-MD5 is supported and
>> I see it in the samba startup, but it doesn't work.
>>
>> ldapsearch -Y DIGEST-MD5 -h dc03.mediture.dom
>> SASL/DIGEST-MD5 authentication started
>> ldap_sasl_interactive_bind_s: Operations error (1)
>> additional info: SASL:[DIGEST-MD5]: Failed to start authentication backend: NT_STATUS_INVALID_PARAMETER
>>
>> [root at dc03 ~]# samba -i -M single -d3
>> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
>> samba version 4.2.0 started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2014
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'sasl-DIGEST-MD5' registered
>> [...]
>> Failed to start GENSEC SASL[DIGEST-MD5] server code: NT_STATUS_INVALID_PARAMETER
>>
>> I'm using samba 4.2.0 compiled from source using standard configuration
>> options. Is there something I'm missing e.g. build dependency, runtime
>> dependency, build option or configuration?
> I'm sorry for the confusion. For Samba 4.3 DIGEST-MD5 has been removed,
> it never worked as a client or as server. You will need to use NTLM or
> Kerberos.
>
> Andrew Bartlett
>
More information about the samba
mailing list