[Samba] How to disable NTLM authentication on Samba
Reinaldo Souza Gomes
reinaldosouzagomes at yahoo.com.br
Wed Oct 10 19:52:41 UTC 2018
Forgive me if I have misundertood your words, but what I want is to prevent Samba from accepting NTLM(v1, v2, SSP, or whatever) and forwarding it, since SSSD does not support it. I am not trying to get SSSD to support any kind of NTLM. So, this would be a Samba issue, not SSSD's. Isn't that correct?
Putting it in another words: what can I do (preferrably on the Samba server) to prevent windows clients from successfully sending NTLM authentication to my Samba server? Em quarta-feira, 10 de outubro de 2018 16:29:28 BRT, Rowland Penny via samba <samba at lists.samba.org> escreveu:
On Wed, 10 Oct 2018 18:50:23 +0000 (UTC)
Reinaldo Souza Gomes via samba <samba at lists.samba.org> wrote:
>
> How can I make sure that NTLM(SSP) will never be used??
>
> I’ve set up Samba with SSSD and everything Works fine... except for a
> few Windows machines which every now and then happen to send NTLM
> authentication flags to the Samba server, which happily forwards
> them. And then the authentication fails because SSSD doesn’t support
> NTLM.
>
> I’ve tried all sorts of parameters combination on smb.conf (including
> "ntlm auth = disabled"), but I didn’t find a way to completely refuse
> NTLM authentication on the Samba server, and force the client to use
> another authentication method (kerberos).
You will have to ask the sssd-users mailing list, you are not using
Samba for authentication.
sssd isn't a Samba product.
Samba by default no longer uses NTLMv1
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list