[Samba] How to use kerberos as the default auth in AD config?

Rowland Penny rpenny at samba.org
Tue Aug 14 14:03:06 UTC 2018

On Tue, 14 Aug 2018 19:18:42 +0530
Shyam Kaushik <shyam at zadarastorage.com> wrote:

> Thanks Rowland for your pointers!
> I'm sorry to just mention it as win2k. This is actually a Windows 2016
> server on which we want to get AD/"Protected Users" working. I will
> try pam_winbind & get back if this solves the issue.

Please don't refer to Windows 2016 as win2k, we have enough problems
with people calling their first AD DC 'PDC' LOL

> Now the security updates have been released, I can tell you how to fix
> the problem, upgrade ;-)
>  CVE-2018-1139:
>    Vulnerability that allows authentication via NTLMv1 even if
> disabled.

I couldn't tell you about the above before, I wasn't allowed to ;-) 

You seem to have run straight into it.


More information about the samba mailing list