[Samba] Security Implications of "ldap server require strong auth"?
Bestattungen Vitt - Thomas Reitelbach
t.reitelbach at bestattungen-vitt.de
Mon May 27 13:57:52 UTC 2024
Hello Samba Team,
I hope someone with more expertise than me can enlighten me on the
following "problem":
I'm on my way to implement Nextcloud LDAP Authentication against my
existing Samba Active Directory via the LDAP Auth Plugin in Nextcloud. I
have had trouble with the configuration of the Auth-Plugin in Nextcloud
because it could not bind to the ldap directory.
After some investigation I learned that the Nextcloud LDAP auth plugin
does not support "strong authentication", which seems to be enforced by
Samba by default.
Further investigation led me to the solution to use the [global] option
"ldap server require strong auth = no" in smb.conf. With this option
set, the LDAP plugin is working and my Domain users can authenticate to
Nextcloud with their Domain account.
But before I implement this in my production system I need to know the
security implications of this Samba parameter. I must admit that I don't
really understand the risk for a real-life scenario. Also, I'm not very
experienced with LDAP, so please, can you help me a bit?
Samba: 4.17.12-Debian (stock debian version)
Nextcloud Hub 8 (29.0.0.1)
Cheers
Thomas Reitelbach
--
Bestattungen Vitt oHG
Owners: Willi & Thomas Reitelbach
Rochusstraße 176
53123 Bonn-Duisdorf
Register court: Amtsgericht Bonn, HRA 7958
Facebook: http://www.facebook.de/bestattungenvitt
Memorial portal: http://begleiten.bestattungen-vitt.de
Website: http://www.bestattungen-vitt.de
Phone: 0228 - 62 68 68
Fax: 0228 - 978 30 36