[Samba] Attempting to access LDAP backend gives "Strong(er) Authentication Required"

David "Buzz" Carlson chebuzz at gmail.com
Wed Jul 13 20:50:59 UTC 2016 

This was the parameter required:

ldap server require strong auth = no

As mentioned elsewhere, basic authentication seems to be allowed using
SSL/TLS.  But this is required when using unencrypted (for reasons that are
fairly logical...)

Thank you all!


On Wed, Jul 13, 2016 at 6:37 AM, Gabriel O. Franca <gabriel.franca at gmail.com
> wrote:

> set this parameter in smb.conf in the global part.
>
> ldap server require strong auth = no
>
> regards,
>
> Gabriel Franca
>
> Em 13/07/2016 06:02, mathias dufresne escreveu:
>
>> LDAP can be use in clear text mode or with start_tls. There is still
>> LDAPS which can also be used. Any of these should be used to authenticate
>> users as LDAP[s] is not meant to authenticate anything, it's a DB.
>> Kerberos should be used for authentication as it is meant for that
>> purpose and could grant your users possibility to have SSO. More secure for
>> admins, more simple for users...
>>
>> I have not enough knowledge about Apache and mod_auth_kerb but it seems
>> this Apache module can be used to authenticate users using Kerberos.
>> Configuration for the few I read seems to be placed in Apache side,
>> protecting directories/URIs of your sites, granting access to others
>> objects...
>> Again I have not the experience to be sure, but it seemed a good way to
>> protect webapps which are not shipped with an easier way to protect them.
>>
>> 2016-07-13 3:38 GMT+02:00 Gabriel O. Franca <gabriel.franca at gmail.com
>> <mailto:gabriel.franca at gmail.com>>:
>>
>>
>>     I went through this problem.
>>
>>     There is a parameter to put in smb.conf that resolves this issue.
>>
>>     I ask you to send an email to me tomorrow so I get the company I
>>     send it for the moment I can not connect to my server.
>>
>>     Regards,
>>
>>     Gabriel Franca
>>
>>
>>     Em 12/07/2016 18:39, David "Buzz" Carlson escreveu:
>>
>>         I am attempting to access the in-built LDAP backend to use for
>>         authentication for an external web app.  When connecting to
>>         the server, an
>>         error is returned "Strong(er) authentication is required (8)
>>         for user"
>>
>>         Google suggests that this is due to the fact that simple
>>         authentication is
>>         not enabled on the LDAP server.  This web app, however, does
>>         not support
>>         SASL.
>>
>>         So, is it possible to enable simple authentication to the
>>         samba's LDAP
>>         services?
>>
>>         Buzz
>>
>>
>>
>>     --     To unsubscribe from this list go to the following URL and read
>> the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list