Forcing Kerberos in client tools works inconsistently
Jeremy Allison
jra at samba.org
Thu Oct 11 17:26:32 UTC 2018
On Wed, Oct 10, 2018 at 09:27:33PM -0500, Steve French via samba-technical wrote:
> Noticed that I can do "smbclient -k //server/share -U username" to a
> server which only supports Kerberos and I see in the wireshark trace,
> as expected, the client negotiating spnego properly - but other tools
> such as smbacls e.g. "smbacls -k //server/share "" -U username" ignore
> the "-k" and wireshark shows that they are still doing NTLMv2/NTLMSSP
>
> As an experiment I tried setting "ntlm auth = disabled" in smb.conf
> (it didn't change anything).
>
> Ideas?
>
> Presumably just a bug in smbcacls, but wasn't obvious when I looked.
>
> I thought it was in common code ... so seemed weird to me:
>
> source3/lib/popt_common.c: { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k',
That's strange. Can you log a bug with an easy reproducer ?
More information about the samba-technical
mailing list