[Samba] disable NTLM on Fedora samba-3.0.9

Gerald (Jerry) Carter jerry at samba.org
Mon Dec 6 16:19:38 GMT 2004

Hash: SHA1

Nir L wrote:

| smb.conf:
| security = ADS
| I also configured /etc/krb5.conf and used net ads join
| - successfully.
| However, I can see that NTLM is the chosen protocol for
| each client machine (WinXP) accessing samba, and kerberos
| is not used (from the log):
| using SPNEGO
| Selected protocol NT LM 0.12

This is the smb protocol dialect and has nothing to do
with the authentication chosen (not directly at least).

| even though I tried to set "client use spnego = no"

The applies only to Samba's client code and not the
capability bits set by the server when replying to
clients.  Besides, you really should not disable spnego.
Generally if it doesn't work it would be considered a bug.

| How can I force samba to use kerberos ?

Look for thew SPNEGO communication in the level 10 log.
Hint: search for the string 'OID' and see what mechanism
is being negotiated.

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list