[Samba] Kerberos and NTLMv2 authentication
Edouard Guigné
eguigne at pasteur-cayenne.fr
Mon Jun 17 12:45:37 UTC 2019
Hello Denis,
Exactly, this is a Canon MFP.
Thank you for your help ! :))
Edouard
Le 17/06/2019 à 09:37, Denis Cardon via samba a écrit :
> Hi Edouard,
>
>> I set a samba share (4.8.1) on a linux (centos 7) as server member ;
>> authentication is done against a AD win 2012 R2 server through winbind.
>>
>> I thought authentication was using kerberos, but I checked log and
>> found :
>>
>> Auth: [SMB2,(null)] user [MYDOMAIN]\[mydomainuser] at [mar., 11 juin
>> 2019
>> 10:21:42.000927 -03] with [NTLMv2] status [NT_STATUS_OK] workstation
>> [CANONDCE0BD]
>
> CANONDCE0BD -> isn't that a copier doing scan2folder?
>
> If it is the case, please know that most of copier cannot do Kerberos
> auth properly. Actually you can already be happy if they to proper
> NTLM auth... If the copier is actually configured to do Kerberos
> (which it isn't the case usually), then check the NTP config, check
> that you are not using IP address but FQDN DNS name, and check that
> DNS configuration is right.
>
> Cheers,
>
> Denis
>
>>
>> Below, part of my smb.cnf :
>>
>> security = ads
>>
>> realm = MYDOMAIN
>> workgroup = MYDOMAIN
>>
>> kerberos method = secrets and keytab
>>
>> server signing = mandatory
>>
>> client signing = mandatory
>>
>> How can I tell samba using kerberos instead of NTLMv2 ? Or is it in
>> winbind configuration ?
>>
>> Best Regards,
>> EdG
>>
>>
>
More information about the samba
mailing list