Reinaldo Souza Gomes
2018-Oct-10 18:50 UTC
[Samba] How to disable NTLM authentication on Samba
How can I make sure that NTLM(SSP) will never be used?? I’ve set up Samba with SSSD and everything Works fine... except for a few Windows machines which every now and then happen to send NTLM authentication flags to the Samba server, which happily forwards them. And then the authentication fails because SSSD doesn’t support NTLM. I’ve tried all sorts of parameters combination on smb.conf (including "ntlm auth = disabled"), but I didn’t find a way to completely refuse NTLM authentication on the Samba server, and force the client to use another authentication method (kerberos).
On Wed, 10 Oct 2018 18:50:23 +0000 (UTC) Reinaldo Souza Gomes via samba <samba at lists.samba.org> wrote:> > How can I make sure that NTLM(SSP) will never be used?? > > I’ve set up Samba with SSSD and everything Works fine... except for a > few Windows machines which every now and then happen to send NTLM > authentication flags to the Samba server, which happily forwards > them. And then the authentication fails because SSSD doesn’t support > NTLM. > > I’ve tried all sorts of parameters combination on smb.conf (including > "ntlm auth = disabled"), but I didn’t find a way to completely refuse > NTLM authentication on the Samba server, and force the client to use > another authentication method (kerberos).You will have to ask the sssd-users mailing list, you are not using Samba for authentication. sssd isn't a Samba product. Samba by default no longer uses NTLMv1 Rowland
Reinaldo Souza Gomes
2018-Oct-10 19:52 UTC
[Samba] How to disable NTLM authentication on Samba
Forgive me if I have misundertood your words, but what I want is to prevent Samba from accepting NTLM(v1, v2, SSP, or whatever) and forwarding it, since SSSD does not support it. I am not trying to get SSSD to support any kind of NTLM. So, this would be a Samba issue, not SSSD's. Isn't that correct? Putting it in another words: what can I do (preferrably on the Samba server) to prevent windows clients from successfully sending NTLM authentication to my Samba server? Em quarta-feira, 10 de outubro de 2018 16:29:28 BRT, Rowland Penny via samba <samba at lists.samba.org> escreveu: On Wed, 10 Oct 2018 18:50:23 +0000 (UTC) Reinaldo Souza Gomes via samba <samba at lists.samba.org> wrote:> > How can I make sure that NTLM(SSP) will never be used?? > > I’ve set up Samba with SSSD and everything Works fine... except for a > few Windows machines which every now and then happen to send NTLM > authentication flags to the Samba server, which happily forwards > them. And then the authentication fails because SSSD doesn’t support > NTLM. > > I’ve tried all sorts of parameters combination on smb.conf (including > "ntlm auth = disabled"), but I didn’t find a way to completely refuse > NTLM authentication on the Samba server, and force the client to use > another authentication method (kerberos).You will have to ask the sssd-users mailing list, you are not using Samba for authentication. sssd isn't a Samba product. Samba by default no longer uses NTLMv1 Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba