Is Kerberos Required on Linux to Enable NTLM Authentication ONLY Using Samba / Winbind to a Windows AD Domain?

Denis Cardon denis.cardon at tranquil-it-systems.fr
Sat Nov 22 10:29:26 MST 2014


Hi Vince,

> I think I may be working of bad setup instructions which never mention any Kerberos setup pre-requisite prior to installing & configuring Samba / Winbind on a Linux box for the sole purpose of enabling NTLM authentication to a Windows AD domain to connect to a Share Point site (which uses that authentication).
>
> So the question... Is Kerberos Required on Linux to Enable NTLM Authentication ONLY Using Samba / Winbind to a Windows AD Domain?

it is much easier to configure sso through kerberos. You can check on a 
win7 desktop if internet explorer has negotiated kerberos or ntlm auth. 
After connecting to your sharepoint, you check if you have a ticket in 
your kerberos credential cache using the command klist. You should have 
something like HTTP/myserver.mydomain.local at MYDOMAIN.LOCAL.

If it is the case, then you install krb5-user/krb5-workstation and edit 
your /etc/krb5.conf file, then try kinit. If it works, in your firefox, 
you go in about:config and add your dns domain in the 
network.negotiate-auth.trusted-uris key.

Hope this helps,

Denis



>
> Thanks... Vince
>


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr



More information about the samba-technical mailing list