[Samba] force ntlm

Urs Golla urs.golla at gmail.com
Thu Dec 13 15:38:51 GMT 2007


Hi

Thanks for your advice, but it is still using kerbers (--> Server not
found in Kerberos database).

My smb.conf looks like that:

[global]
        workgroup = DOMAINA
        realm = DOMAIN.BLA.BLUB
        server string = Samba Server
        security = ADS
        auth methods = winbind
        password server = server1, server2
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        log level = 3
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        preferred master = No
        dns proxy = No
        wins server = x.x.x.x
        idmap backend = ad
        idmap uid = 500-33554431
        idmap gid = 500-33554431
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307




On Nov 19, 2007 11:00 AM, Warren Beldad <advisory22 at gmail.com> wrote:
> Hi,
>
> use the parameter "client ntlmv2 auth", by default it is set to no.
> If enabled, samba will sent only NTLMv2 responses.
> please have a look on its man page...
>
> thanks,
> warren
>
>
> On Nov 19, 2007 4:49 PM, Urs Golla <urs.golla at gmail.com> wrote:
> > Is there really no way to tell winbind to use ntlm for "security =
> > ads" with samba 3.0.26? The man pages say that it should work like
> > that... wrong information in the man pages?
> >
> > cheers
> > urs
> >
> >
> > On 11/18/07, Neal A. Lucier <nlucier at math.purdue.edu> wrote:
> > > The parameter/feature is being introduced in 3.2.0, sorry I thought it
> > > came with 3.0.26.
> > >
> > > Neal
> > >
> > > Urs Golla wrote:
> > > > Hi Neal
> > > >
> > > > I get "Unknown parameter encountered: "winbind rpc only""
> > > >
> > > > I have samba 3.0.26.a-35
> > > >
> > > >
> > > > cheers
> > > > Urs
> > > >
> > > > On 11/16/07, Neal A. Lucier <nlucier at math.purdue.edu> wrote:
> > > >> Urs Golla wrote:
> > > >>> Is there a way to force samba to use NTLM (or NTLMv2) instead of kerberos?
> > > >>>
> > > >> While the man page doesn't explicitly say that NTLM is used instead of
> > > >> kerberos; I believe the intent of this setting is to have samba talk
> > > >> with AD using only NT4 domain member style communications (RPC and NTLM)
> > > >> and not ADS style communications (LDAP and kerberos).  It's worth trying
> > > >> if you haven't already.
> > > >>
> > > >>  From man smb.conf:
> > > >>
> > > >> winbind rpc only (G)
> > > >>
> > > >>     Setting this parameter to yes forces winbindd to use RPC instead of
> > > >> LDAP to retrieve information from Domain Controllers.
> > > >>
> > > >>     Default: winbind rpc only = no
> > > >>
> > >
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>


More information about the samba mailing list