[Samba] disable NTLM on Fedora samba-3.0.9
Gerald (Jerry) Carter
jerry at samba.org
Mon Dec 6 16:19:38 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nir L wrote:
| smb.conf:
| security = ADS
| I also configured /etc/krb5.conf and used net ads join
| - successfully.
|
| However, I can see that NTLM is the chosen protocol for
| each client machine (WinXP) accessing samba, and kerberos
| is not used (from the log):
| using SPNEGO
| Selected protocol NT LM 0.12
This is the smb protocol dialect and has nothing to do
with the authentication chosen (not directly at least).
| even though I tried to set "client use spnego = no"
The applies only to Samba's client code and not the
capability bits set by the server when replying to
clients. Besides, you really should not disable spnego.
Generally if it doesn't work it would be considered a bug.
| How can I force samba to use kerberos ?
Look for thew SPNEGO communication in the level 10 log.
Hint: search for the string 'OID' and see what mechanism
is being negotiated.
cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBtIaZIR7qMdg1EfYRAmtkAKDc2777bMGrmvw3RAEnC3DhYkTYQACeN2fy
tMgCGnfpxdChut+G3BGX+do=
=4ywm
-----END PGP SIGNATURE-----
More information about the samba
mailing list