[Samba] Kerberos and NTLMv2 authentication
eguigne at pasteur-cayenne.fr
Mon Jun 17 12:45:37 UTC 2019
Exactly, this is a Canon MFP.
Thank you for your help ! :))
Le 17/06/2019 à 09:37, Denis Cardon via samba a écrit :
> Hi Edouard,
>> I set a samba share (4.8.1) on a linux (centos 7) as server member ;
>> authentication is done against a AD win 2012 R2 server through winbind.
>> I thought authentication was using kerberos, but I checked log and
>> found :
>> Auth: [SMB2,(null)] user [MYDOMAIN]\[mydomainuser] at [mar., 11 juin
>> 10:21:42.000927 -03] with [NTLMv2] status [NT_STATUS_OK] workstation
> CANONDCE0BD -> isn't that a copier doing scan2folder?
> If it is the case, please know that most of copier cannot do Kerberos
> auth properly. Actually you can already be happy if they to proper
> NTLM auth... If the copier is actually configured to do Kerberos
> (which it isn't the case usually), then check the NTP config, check
> that you are not using IP address but FQDN DNS name, and check that
> DNS configuration is right.
>> Below, part of my smb.cnf :
>> security = ads
>> realm = MYDOMAIN
>> workgroup = MYDOMAIN
>> kerberos method = secrets and keytab
>> server signing = mandatory
>> client signing = mandatory
>> How can I tell samba using kerberos instead of NTLMv2 ? Or is it in
>> winbind configuration ?
>> Best Regards,
More information about the samba