[Samba] Re: how to turn off NTLM?
Andrew Bartlett
abartlet at samba.org
Sun Sep 29 06:40:01 GMT 2002
Donald Saltarelli wrote:
>
> Andrew, as you konw, I'm trying to get samba-3.0-alpha20 to authenticate
> a user that logs in to an AD domain workstation with the user's AD
> kerberos credentials. looking at the logs, it's not clear to me whether
> samba is trying to do kerberos or NTLM authentication for the client.
These logs indicate NTLM authenticaion. Use 'auth methods = guest' to
ensure that Samba doesn't even try to authenticate users with NTLM.
> in smb.conf I have:
>
> [global]
> security = ADS
> realm = HSSOE.UCI.EDU
> ads server = dc1.hssoe.uci.edu
> lanman auth = no
> ntlm auth = no
> disable netbios = yes
> use spnego = yes
> # protocol =
> # encrypt passwords = yes
> ldap admin dn = Administrator
>
> How do i get it to only do GSS-SPNEGO or whatever it's called? Is this
> just not possible yet?
Win2k machines will use kerberos in preference to NTLM when possible.
> I noticed that in the log at some point it says realm(NULL). could the
> AD KDC be rejecting it because of that?
>
> Thanks for any help,
>
> Donald
> (time running out for this quarter's launch...)
Then I think you left your run a bit late... This stuff is complex, why
didn't you start at this earlier...?
Also, I'm still not particuarly clear on what you are doing - you have
an MIT kerberos realm, and a Win2k realm, but passwords are not
synced...???
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list