[Samba] Login to LDAP from new version FortiClientEMS
Programnet
tomeks at programnet.eu
Sat Nov 2 08:46:20 UTC 2024
In attach pcap
My samba config
[global]
netbios name = DC1
realm = XXXX.LOCAL
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = XXXX
log level = 1 auth_audit:3@/var/log/samba/auth.log
log file = /var/log/samba/%m.log
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/wenus.local/scripts
read only = No
W dniu 1.11.2024 o 01:48, Douglas Bagnall pisze:
> On 1/11/24 04:06, Programnet via samba wrote:
>> I just want to make sure that Samba LDAP does not support ntlmsspNegotiate authentication and I will have to switch to
>> Windows Server?
> That sounds like an inaccurate conclusion. ntlmssp is not new.
>
> If you are looking at the conversation in Wireshark, you could
> tell us what the packets are actually saying, or you could
> show us your smb.conf and somebody will point out flaws
> (not me, I don't know that stuff).
>
> Douglas
>
>
>> W dniu 29.10.2024 o 13:42, Programnet via samba pisze:
>>> Hello Everyone
>>>
>>> I am using samba 4.20.5 with debian backport. I have FortiClientEMS tool which connects to LDAP to get data.
>>> FortiClientEMS version 7.0.x worked with Samba without any problem. Unfortunately newer version 7.2.x no longer works.
>>> I noticed while examining Wireshark traffic that version 7.0.x connects using authentication: sasl (3). New version
>>> 7.2.x authentication: ntlmsspNegotiate (10) and LDAP terminates the connection.
>>>
>>>
>>> Can I configure Samba to solve my problem? I also tested on Samba version 4.17.x. I checked on Windows Server 2012 and
>>> 2022 and this problem does not occur here.
>>>
>>> Best regards, Tomasz Świderski
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list