[Samba] use spnego question - samba 47 to samba48 migration
Rowland Penny
rpenny at samba.org
Mon Jun 25 07:43:49 UTC 2018
On Sun, 24 Jun 2018 20:32:20 -0300
Kontrol-Suporte via samba <samba at lists.samba.org> wrote:
> Hi Rowland,
> Thanks Much for the help, as usual!
>
> About Kerberos: Yes, I have implemented Kerberos and NTLM. I need
> both working. About winbindd_privileged: Not sure what you mean with
> " I think you might want to check that again, the
> 'winbindd_privileged' dir went away quite some time ago." Shouldn't
> that folder be there anymore? Everytime I install Samba47 or 48 it
> creates the folder with the "pipe" inside of it. I just needed to
> change the permissions/ownership to the folder. Isn't Ok to use that
> way anymore?
I was convinced that it had been removed, but no, it is still there, so
yes you can still use it.
>
> About Lanman2: Hummm... now you got me confused. I could swear that
> option was to force ntlm v2 as minimum. The idea is to force NTLM v2
> as minimum protocol. Should I use option "smb2" instead?
Try reading 'man smb.conf' where you will find this:
Normally this option should not be set as the automatic negotiation
phase in the SMB protocol takes care of choosing the appropriate
protocol.
If you want to enforce NTLMv2, then either do not have an 'ntlm auth'
line in smb.conf, or use this instead:
ntlm auth = mschapv2-and-ntlmv2-only
Rowland
More information about the samba
mailing list