[Samba] disable NTLM on Fedora samba-3.0.9
Nir L
nir_l3 at netvision.net.il
Mon Dec 6 18:44:50 GMT 2004
In addition to my last email (the one with my smb.conf)
I also found out that:
if I connect the share using \\<ip address>\<sharename>
I get access to the share after NTLM has been used.
and
if I connect using \\<netbiosname>\<sharename>
I get access denied (NTLM is still used...)
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nir L wrote:
>
> | smb.conf:
> | security = ADS
> | I also configured /etc/krb5.conf and used net ads join
> | - successfully.
> |
> | However, I can see that NTLM is the chosen protocol for
> | each client machine (WinXP) accessing samba, and kerberos
> | is not used (from the log):
> | using SPNEGO
> | Selected protocol NT LM 0.12
>
> This is the smb protocol dialect and has nothing to do
> with the authentication chosen (not directly at least).
>
> | even though I tried to set "client use spnego = no"
>
> The applies only to Samba's client code and not the
> capability bits set by the server when replying to
> clients. Besides, you really should not disable spnego.
> Generally if it doesn't work it would be considered a bug.
>
> | How can I force samba to use kerberos ?
>
> Look for thew SPNEGO communication in the level 10 log.
> Hint: search for the string 'OID' and see what mechanism
> is being negotiated.
>
>
>
>
>
> cheers, jerry
> - ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm) ------- http://www.samba.org
> GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBtIaZIR7qMdg1EfYRAmtkAKDc2777bMGrmvw3RAEnC3DhYkTYQACeN2fy
> tMgCGnfpxdChut+G3BGX+do=
> =4ywm
> -----END PGP SIGNATURE-----
More information about the samba
mailing list