[Samba] Fwd: Re: Kerberos and NTLMv2 authentication

Edouard Guigné eguigne at pasteur-cayenne.fr
Mon Jun 17 11:56:51 UTC 2019 

Hello,

May you answer me about my issue with kerberos ?

About libpam-krb5 installed, I have on my system :
yum list krb5-workstation pam_krb5
krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
pam_krb5.x86_64 2.4.8-6.el7 @base

Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?

Thanks

-------- Message transféré --------
Sujet : 	Re: [Samba] Kerberos and NTLMv2 authentication
Date : 	Sat, 15 Jun 2019 11:11:15 -0300
De : 	eguigne--- via samba <samba at lists.samba.org>
Répondre à : 	eguigne at pasteur-cayenne.fr
Pour : 	samba at lists.samba.org



Hello Rowland,

Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize,
should be :
realm = MYDOMAIN.LOCAL
workgroup = MYDOMAIN

About libpam-krb5 installed, I have on my system :
yum list krb5-workstation pam_krb5
krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
pam_krb5.x86_64 2.4.8-6.el7 @base

Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?


> On 15/06/2019 01:40, eguigne--- via samba wrote:
>> Dear Samba Users,
>>
>> I set a samba share (4.8.1) on a linux (centos 7) as server member ;
>> authentication is done against a AD win 2012 R2 server through winbind.
>>
>> I thought authentication was using kerberos, but I checked log and found
>> :
>>
>> Auth: [SMB2,(null)] user [MYDOMAIN]\[mydomainuser] at [mar., 11 juin
>> 2019
>> 10:21:42.000927 -03] with [NTLMv2] status [NT_STATUS_OK] workstation
>> [CANONDCE0BD]
>>
>> Below, part of my smb.cnf :
>>
>> security = ads
>>
>> realm = MYDOMAIN
>> workgroup = MYDOMAIN
> Why is your workgroup and realm the same ?
>>
>> kerberos method = secrets and keytab
>>
>> server signing = mandatory
>>
>> client signing = mandatory
>>
>> How can I tell samba using kerberos instead of NTLMv2 ? Or is it in
>> winbind configuration ?
>
> Do you have libpam-krb5 installed ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list