[Samba] SASL DIGEST-MD5 NT_STATUS_INVALID_PARAMETER
Andrew Bartlett
abartlet at samba.org
Fri Jul 10 09:38:52 UTC 2015
On Tue, 2015-07-07 at 15:10 -0500, Arthur Ramsey wrote:
> I've googled and I believe that SASL method DIGEST-MD5 is supported and
> I see it in the samba startup, but it doesn't work.
>
> ldapsearch -Y DIGEST-MD5 -h dc03.mediture.dom
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Operations error (1)
> additional info: SASL:[DIGEST-MD5]: Failed to start authentication backend: NT_STATUS_INVALID_PARAMETER
>
> [root at dc03 ~]# samba -i -M single -d3
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> samba version 4.2.0 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2014
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> [...]
> Failed to start GENSEC SASL[DIGEST-MD5] server code: NT_STATUS_INVALID_PARAMETER
>
> I'm using samba 4.2.0 compiled from source using standard configuration
> options. Is there something I'm missing e.g. build dependency, runtime
> dependency, build option or configuration?
I'm sorry for the confusion. For Samba 4.3 DIGEST-MD5 has been removed,
it never worked as a client or as server. You will need to use NTLM or
Kerberos.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list