[Samba] Attempting to access LDAP backend gives "Strong(er) Authentication Required"

Gabriel O. Franca gabriel.franca at gmail.com
Wed Jul 13 12:37:20 UTC 2016 

set this parameter in smb.conf in the global part.

ldap server require strong auth = no

regards,

Gabriel Franca

Em 13/07/2016 06:02, mathias dufresne escreveu:
> LDAP can be use in clear text mode or with start_tls. There is still 
> LDAPS which can also be used. Any of these should be used to 
> authenticate users as LDAP[s] is not meant to authenticate anything, 
> it's a DB.
> Kerberos should be used for authentication as it is meant for that 
> purpose and could grant your users possibility to have SSO. More 
> secure for admins, more simple for users...
>
> I have not enough knowledge about Apache and mod_auth_kerb but it 
> seems this Apache module can be used to authenticate users using 
> Kerberos. Configuration for the few I read seems to be placed in 
> Apache side, protecting directories/URIs of your sites, granting 
> access to others objects...
> Again I have not the experience to be sure, but it seemed a good way 
> to protect webapps which are not shipped with an easier way to protect 
> them.
>
> 2016-07-13 3:38 GMT+02:00 Gabriel O. Franca <gabriel.franca at gmail.com 
> <mailto:gabriel.franca at gmail.com>>:
>
>     I went through this problem.
>
>     There is a parameter to put in smb.conf that resolves this issue.
>
>     I ask you to send an email to me tomorrow so I get the company I
>     send it for the moment I can not connect to my server.
>
>     Regards,
>
>     Gabriel Franca
>
>
>     Em 12/07/2016 18:39, David "Buzz" Carlson escreveu:
>
>         I am attempting to access the in-built LDAP backend to use for
>         authentication for an external web app.  When connecting to
>         the server, an
>         error is returned "Strong(er) authentication is required (8)
>         for user"
>
>         Google suggests that this is due to the fact that simple
>         authentication is
>         not enabled on the LDAP server.  This web app, however, does
>         not support
>         SASL.
>
>         So, is it possible to enable simple authentication to the
>         samba's LDAP
>         services?
>
>         Buzz
>
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list