[Samba] Attempting to access LDAP backend gives "Strong(er) Authentication Required"
David "Buzz" Carlson
chebuzz at gmail.com
Wed Jul 13 20:50:59 UTC 2016
This was the parameter required:
ldap server require strong auth = no
As mentioned elsewhere, basic authentication seems to be allowed using
SSL/TLS. But this is required when using unencrypted (for reasons that are
fairly logical...)
Thank you all!
On Wed, Jul 13, 2016 at 6:37 AM, Gabriel O. Franca <gabriel.franca at gmail.com
> wrote:
> set this parameter in smb.conf in the global part.
>
> ldap server require strong auth = no
>
> regards,
>
> Gabriel Franca
>
> Em 13/07/2016 06:02, mathias dufresne escreveu:
>
>> LDAP can be use in clear text mode or with start_tls. There is still
>> LDAPS which can also be used. Any of these should be used to authenticate
>> users as LDAP[s] is not meant to authenticate anything, it's a DB.
>> Kerberos should be used for authentication as it is meant for that
>> purpose and could grant your users possibility to have SSO. More secure for
>> admins, more simple for users...
>>
>> I have not enough knowledge about Apache and mod_auth_kerb but it seems
>> this Apache module can be used to authenticate users using Kerberos.
>> Configuration for the few I read seems to be placed in Apache side,
>> protecting directories/URIs of your sites, granting access to others
>> objects...
>> Again I have not the experience to be sure, but it seemed a good way to
>> protect webapps which are not shipped with an easier way to protect them.
>>
>> 2016-07-13 3:38 GMT+02:00 Gabriel O. Franca <gabriel.franca at gmail.com
>> <mailto:gabriel.franca at gmail.com>>:
>>
>>
>> I went through this problem.
>>
>> There is a parameter to put in smb.conf that resolves this issue.
>>
>> I ask you to send an email to me tomorrow so I get the company I
>> send it for the moment I can not connect to my server.
>>
>> Regards,
>>
>> Gabriel Franca
>>
>>
>> Em 12/07/2016 18:39, David "Buzz" Carlson escreveu:
>>
>> I am attempting to access the in-built LDAP backend to use for
>> authentication for an external web app. When connecting to
>> the server, an
>> error is returned "Strong(er) authentication is required (8)
>> for user"
>>
>> Google suggests that this is due to the fact that simple
>> authentication is
>> not enabled on the LDAP server. This web app, however, does
>> not support
>> SASL.
>>
>> So, is it possible to enable simple authentication to the
>> samba's LDAP
>> services?
>>
>> Buzz
>>
>>
>>
>> -- To unsubscribe from this list go to the following URL and read
>> the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list