[Samba] Printserver after latest MS updates
Achim Gottinger
achim at ag-web.biz
Mon Oct 25 16:51:47 UTC 2021
Am 25.10.21 um 16:30 schrieb Christian Naumer via samba:
> s far as I understood it. Non Domain joined clients can connect to resources on the Domain if you connect using domainuser credentials. However, NTLM not Kerberos is used then. If you block NTLM then non Domain joined clients will stop to work.
>
> This all seems related...
For filesharing NTLMv2 still wokrs with local accounts. Before the oktober update once I connected with domainuser credentials from an local account i could manage printers and drivers using printmanagement. This also does no longer work. So MS changed the behavior NTLM is involved in printing.
>
> As for Kerberos. I use non domain joined client (Linux though) where I just configured the krb5.conf and I can then "kinit" and use my domain credentials to connect to server using krb auth with ssh.
> I haven't tried with windows.
I was hoping this can be archieved on windows as well. There is no native kinit on windows but i found java jdk's have such a binary. kinit kan be used to get an ticket which the native klist shows as valid but the file explorer does not use it when connecting to servers.
Looking at https://en.wikipedia.org/wiki/Security_Support_Provider_Interface, windows uses NTLMSSP for non domain computers.
The other method with heimdal and network identity manager i mentioned are used for single sign on against openafs and seem to work with firefox. Had no luck with the file explorer.
Achim
More information about the samba
mailing list