Forcing Kerberos in client tools works inconsistently
Steve French
smfrench at gmail.com
Thu Oct 11 02:27:33 UTC 2018
Noticed that I can do "smbclient -k //server/share -U username" to a
server which only supports Kerberos and I see in the wireshark trace,
as expected, the client negotiating spnego properly - but other tools
such as smbacls e.g. "smbacls -k //server/share "" -U username" ignore
the "-k" and wireshark shows that they are still doing NTLMv2/NTLMSSP
As an experiment I tried setting "ntlm auth = disabled" in smb.conf
(it didn't change anything).
Ideas?
Presumably just a bug in smbcacls, but wasn't obvious when I looked.
I thought it was in common code ... so seemed weird to me:
source3/lib/popt_common.c: { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k',
--
Thanks,
Steve
More information about the samba-technical
mailing list