[Samba] Problems with Samba 4.6.3 Authentication
Rowland Penny
rpenny at samba.org
Tue May 23 07:07:22 UTC 2017
On Tue, 23 May 2017 08:50:57 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> For got to mention.
>
> If you dont have any certificates setup and not using tls.
> Set on the DC's.
>
> ldap server require strong auth = allow_sasl_over_tls
> Or
> ldap server require strong auth = no
>
> And you may need to enable NTLM v1 on the proxy also, but thats why i
> recommends kerberos auth. SO preffered imo, try to avoid any NTLM to
> improve your security. For NTLM v1 then you need to set on the proxy
> and DC ntlm auth = no
> lanman auth = no
Obviously the first will not work if you don't have any certificates ;-)
Yes, kerberos is probably the way to go, the older way of doing things
has proved to be insecure and this is why I keep harping on about
upgrading from NT4-style domains to AD.
There has just been the wannacry crime and I wouldn't be surprised if
Microsoft used this as a reason to kill NTLM, on windows 10 at least.
Rowland
More information about the samba
mailing list