[Samba] Printserver after latest MS updates
Kees van Vloten
keesvanvloten at gmail.com
Mon Oct 25 17:01:10 UTC 2021
On 25-10-2021 18:51, Achim Gottinger via samba wrote:
> Am 25.10.21 um 16:30 schrieb Christian Naumer via samba:
>> As far as I understood it. Non Domain joined clients can connect to
>> resources on the Domain if you connect using domainuser credentials.
>> However, NTLM not Kerberos is used then. If you block NTLM then non
>> Domain joined clients will stop working.
>>
>> This all seems related...
> For filesharing NTLMv2 still works with local accounts. Before the
> October update once I connected with domainuser credentials from a
> local account I could manage printers and drivers using
> printmanagement. This also no longer works. So MS changed the
> behavior NTLM is involved in printing.
>>
>> As for Kerberos. I use a non domain joined client (Linux though) where
>> I just configured the krb5.conf and I can then "kinit" and use my
>> domain credentials to connect to server using krb auth with ssh.
>> I haven't tried with Windows.
>
> I was hoping this can be achieved on Windows as well. There is no
> native kinit on Windows but I found Java JDKs have such a binary.
> kinit can be used to get a ticket which the native klist shows as
> valid but the file explorer does not use it when connecting to servers.
>
> Looking at
> https://en.wikipedia.org/wiki/Security_Support_Provider_Interface,
> Windows uses NTLMSSP for non domain computers.
>
> The other method with Heimdal and Network Identity Manager I mentioned
> are used for single sign on against OpenAFS and seem to work with
> Firefox. Had no luck with the file explorer.
>
>
> Achim
>
>
There is also an MIT Kerberos client for Windows:
https://web.mit.edu/kerberos/dist/#kfw-4.1
I have no clue how well it integrates with the native Windows functionality.
- Kees