[Samba] Printserver after latest MS updates

Kees van Vloten keesvanvloten at gmail.com
Mon Oct 25 17:01:10 UTC 2021

On 25-10-2021 18:51, Achim Gottinger via samba wrote:
> Am 25.10.21 um 16:30 schrieb Christian Naumer via samba:
>> s far as I understood it. Non Domain joined clients can connect to 
>> resources on the Domain if you connect using domainuser credentials. 
>> However, NTLM not Kerberos is used then. If you block NTLM then non 
>> Domain joined clients will stop to work.
>> This all seems related...
> For filesharing NTLMv2 still wokrs with local accounts. Before the 
> oktober update once I connected with domainuser credentials from an 
> local account i could manage printers and drivers using 
> printmanagement. This also does no longer work. So MS changed the 
> behavior NTLM is involved in printing.
>> As for Kerberos. I use non domain joined client (Linux though) where 
>> I just configured the krb5.conf and I can then "kinit" and use my 
>> domain credentials to connect to server using krb auth with ssh.
>> I haven't tried with windows. 
> I was hoping this can be archieved on windows as well. There is no 
> native kinit on windows but i found java jdk's have such a binary. 
> kinit kan be used to get an ticket which the native klist shows as 
> valid but the file explorer does not use it when connecting to servers.
> Looking at 
> https://en.wikipedia.org/wiki/Security_Support_Provider_Interface, 
> windows uses NTLMSSP for non domain computers.
> The other method with heimdal and network identity manager i mentioned 
> are used for single sign on against openafs and seem to work with 
> firefox. Had no luck with the file explorer.
> Achim
There is also a MIT Kerberos client for Windows: 
I have no clue how well it integrates with the native Windows functionality

- Kees

More information about the samba mailing list