[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
eguigne at pasteur-cayenne.fr
eguigne at pasteur-cayenne.fr
Wed Jun 19 01:16:45 UTC 2019
Hello,
Yes in my case, this is a Windows AD with RF2307 POSIX attributes.
Do you mean this is suitable to use winbindd only against a Samba AD
domain controller ?
I will make test tomorrow because Rowland found some errors in my domain
range gid.
This can explain why I cannot access to the share with winbindd.
(with sssd, it is possible... sssd doesn't seem to take care of domain
range ; but I get always NTLMv2 instead of Kerberos with sssd).
>
>
> On 6/18/19 11:59 AM, Rowland penny via samba wrote:
>> On 18/06/2019 17:24, Edouard Guigné via samba wrote:
>>> "winbind refresh tickets = yes" did not help for my case.
>>>
>> It always has for myself, I have never had to refresh any kerberos
>> machine tickets manually
>>
>
> Are you only ever authenticating against a Samba AD domain controller,
> though? Windows AD in the wild can be a pain in the ass. For example,
> I stop reading whenever I see RF2307 or adding POSIX attributes to
> Windows AD -- our AD domain admins can't (or possibly won't) accommodate
> this.
>
>
>
>> Rowland
>>
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list