[Samba] Fwd: Re: Kerberos and NTLMv2 authentication
Edouard Guigné
eguigne at pasteur-cayenne.fr
Mon Jun 17 11:56:51 UTC 2019
Hello,
May you answer me about my issue with kerberos ?
About libpam-krb5 installed, I have on my system :
yum list krb5-workstation pam_krb5
krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
pam_krb5.x86_64 2.4.8-6.el7 @base
Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?
Thanks
-------- Message transféré --------
Sujet : Re: [Samba] Kerberos and NTLMv2 authentication
Date : Sat, 15 Jun 2019 11:11:15 -0300
De : eguigne--- via samba <samba at lists.samba.org>
Répondre à : eguigne at pasteur-cayenne.fr
Pour : samba at lists.samba.org
Hello Rowland,
Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize,
should be :
realm = MYDOMAIN.LOCAL
workgroup = MYDOMAIN
About libpam-krb5 installed, I have on my system :
yum list krb5-workstation pam_krb5
krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
pam_krb5.x86_64 2.4.8-6.el7 @base
Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?
> On 15/06/2019 01:40, eguigne--- via samba wrote:
>> Dear Samba Users,
>>
>> I set a samba share (4.8.1) on a linux (centos 7) as server member ;
>> authentication is done against a AD win 2012 R2 server through winbind.
>>
>> I thought authentication was using kerberos, but I checked log and found
>> :
>>
>> Auth: [SMB2,(null)] user [MYDOMAIN]\[mydomainuser] at [mar., 11 juin
>> 2019
>> 10:21:42.000927 -03] with [NTLMv2] status [NT_STATUS_OK] workstation
>> [CANONDCE0BD]
>>
>> Below, part of my smb.cnf :
>>
>> security = ads
>>
>> realm = MYDOMAIN
>> workgroup = MYDOMAIN
> Why is your workgroup and realm the same ?
>>
>> kerberos method = secrets and keytab
>>
>> server signing = mandatory
>>
>> client signing = mandatory
>>
>> How can I tell samba using kerberos instead of NTLMv2 ? Or is it in
>> winbind configuration ?
>
> Do you have libpam-krb5 installed ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list