[Samba] Samba, AD and devices compatibility...
Andrew Bartlett
abartlet at samba.org
Tue Mar 13 17:59:01 UTC 2018
On Tue, 2018-03-13 at 12:17 +0100, Marco Gaiarin via samba wrote:
> I'm trying to test/move some of my LDAP-enabled devices from my actual
> OpenLDAP server(s) to my new samba AD domain.
>
> For now, I'm poking with printers, and I'm testing a Konica-Minolta
> BizHub C224e.
>
> Defining user authentication to external source, I can set (between
> LDAP, NTLM, NDS, ...) 'Active Directory', and I can/must provide the
> domain name.
>
> After that, DNS and kerberos seem to work, but actual auth no:
> This means that the printer tries to auth in LDAP 'plain' (no SSL, no
> TLS), and so samba refuses that?

No, it means that Samba is refusing to accept an NTLM or Kerberos
authenticated connection without SIGN or SEAL negotiated, as an
attacker could take over an unprotected network connection and do evil
things with it.

See 'ldap server require strong auth'.

I hope this helps,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
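
Added example, not part of the message above and not Samba's own code: a simplified Python model of how smb.conf(5) documents the three values of 'ldap server require strong auth' (no, allow_sasl_over_tls, yes), showing why a SASL (NTLM or Kerberos) bind without SIGN or SEAL on a plain LDAP connection is refused. The sample smb.conf text and the function names are constructed for illustration.

```python
# Simplified model of the documented smb.conf(5) behaviour; not Samba source.
import re

DEFAULT = "yes"  # documented default
VALUES = {"no", "allow_sasl_over_tls", "yes"}  # documented spellings only

# Constructed sample configuration (workgroup name is a placeholder).
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    LDAP Server Require Strong Auth = allow_sasl_over_tls
"""

def effective_setting(smb_conf):
    """Return the [global] value of the option, or the default if unset."""
    section, value = None, DEFAULT
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # Samba parameter names ignore case and embedded whitespace.
            if re.sub(r"\s+", "", key).lower() == "ldapserverrequirestrongauth":
                value = val.strip().lower()
    if value not in VALUES:
        raise ValueError(f"unhandled value: {value!r}")
    return value

def bind_accepted(setting, bind, tls, sign_or_seal):
    """bind: 'simple' or 'sasl' (NTLM and Kerberos binds arrive as SASL)."""
    if setting == "no":
        return True                       # any bind, any transport
    if not tls:
        return bind == "sasl" and sign_or_seal
    if setting == "allow_sasl_over_tls":
        return True                       # simple or SASL inside TLS
    return bind == "simple"               # "yes": only simple binds over TLS

if __name__ == "__main__":
    setting = effective_setting(SAMPLE)
    # The case in this thread: SASL bind, plain LDAP, no SIGN/SEAL.
    print(setting, bind_accepted(setting, "sasl", tls=False, sign_or_seal=False))
```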