[Samba] Samba, AD and devices compatibility...

Andrew Bartlett abartlet at samba.org
Tue Mar 13 17:59:01 UTC 2018

On Tue, 2018-03-13 at 12:17 +0100, Marco Gaiarin via samba wrote:
> I'm trying to test/move some of my LDAP-enabled devices from my actual
> OpenLDAP server(s) to my new samba AD domain.
> For now, i'm poking with printers, and i'm testing a Konica-Minolta
> BizHub C224e.
> Defining user autentication to external source, i can set (between
> LDAP, NTLM, NDS, ...) 'Active Directory', and i can/must provide the
> domain naime.
> After that, DNS and kerberos seems to work, but actual auth no:

> This mean that the printer try to auth in LDAP 'plain' (no SSL, no
> TLS), and so samba refuse that?

No, it means that Samba is refusing to accept a NTLM or Kerberos
authenticated connection without SIGN or SEAL negotiated, as an
attacker could take over an unprotected network connection and do evil
things with it.

See 'ldap server require strong auth'.

I hope this helps,

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list