[Samba] Login to LDAP from new version FortiClientEMS

Programnet tomeks at programnet.eu
Sat Nov 2 08:46:20 UTC 2024


In attach pcap

My samba config
[global]
         netbios name = DC1
         realm = XXXX.LOCAL
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = XXXX
         log level = 1 auth_audit:3@/var/log/samba/auth.log
         log file = /var/log/samba/%m.log

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[netlogon]
         path = /var/lib/samba/sysvol/wenus.local/scripts
         read only = No

W dniu 1.11.2024 o 01:48, Douglas Bagnall pisze:
> On 1/11/24 04:06, Programnet via samba wrote:
>> I just want to make sure that Samba LDAP does not support ntlmsspNegotiate authentication and I will have to switch to
>> Windows Server?
> That sounds like an inaccurate conclusion. ntlmssp is not new.
>
> If you are looking at the conversation in Wireshark, you could
> tell us what the packets are actually saying, or you could
> show us your smb.conf and somebody will point out flaws
> (not me, I don't know that stuff).
>
> Douglas
>
>
>> W dniu 29.10.2024 o 13:42, Programnet via samba pisze:
>>> Hello Everyone
>>>
>>> I am using samba 4.20.5 with debian backport. I have FortiClientEMS tool which connects to LDAP to get data.
>>> FortiClientEMS version 7.0.x worked with Samba without any problem. Unfortunately newer version 7.2.x no longer works.
>>> I noticed while examining Wireshark traffic that version 7.0.x connects using authentication: sasl (3). New version
>>> 7.2.x authentication: ntlmsspNegotiate (10) and LDAP terminates the connection.
>>>
>>>
>>> Can I configure Samba to solve my problem? I also tested on Samba version 4.17.x. I checked on Windows Server 2012 and
>>> 2022 and this problem does not occur here.
>>>
>>> Best regards, Tomasz Świderski
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list