[Samba] Kerberos and NTLMv2 authentication
Denis Cardon
dcardon at tranquil.it
Mon Jun 17 12:37:55 UTC 2019
Hi Edouard,
> I set a samba share (4.8.1) on a linux (centos 7) as server member ;
> authentication is done against a AD win 2012 R2 server through winbind.
>
> I thought authentication was using kerberos, but I checked log and found :
>
> Auth: [SMB2,(null)] user [MYDOMAIN]\[mydomainuser] at [mar., 11 juin 2019
> 10:21:42.000927 -03] with [NTLMv2] status [NT_STATUS_OK] workstation
> [CANONDCE0BD]
CANONDCE0BD -> isn't that a copier doing scan2folder?
If it is the case, please know that most of copier cannot do Kerberos
auth properly. Actually you can already be happy if they to proper NTLM
auth... If the copier is actually configured to do Kerberos (which it
isn't the case usually), then check the NTP config, check that you are
not using IP address but FQDN DNS name, and check that DNS configuration
is right.
Cheers,
Denis
>
> Below, part of my smb.cnf :
>
> security = ads
>
> realm = MYDOMAIN
> workgroup = MYDOMAIN
>
> kerberos method = secrets and keytab
>
> server signing = mandatory
>
> client signing = mandatory
>
> How can I tell samba using kerberos instead of NTLMv2 ? Or is it in
> winbind configuration ?
>
> Best Regards,
> EdG
>
>
--
Denis Cardon
Tranquil IT
12 avenue Jules Verne (Bat. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel : +33 (0) 240 975 755
http://www.tranquil.it
Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
More information about the samba
mailing list