eguigne at pasteur-cayenne.fr
2019-Jun-15 14:11 UTC
[Samba] Kerberos and NTLMv2 authentication
Hello Rowland, Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize, should be : realm = MYDOMAIN.LOCAL workgroup = MYDOMAIN About libpam-krb5 installed, I have on my system : yum list krb5-workstation pam_krb5 krb5-workstation.x86_64 1.15.1-37.el7_6 @updates pam_krb5.x86_64 2.4.8-6.el7 @base Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?> On 15/06/2019 01:40, eguigne--- via samba wrote: >> Dear Samba Users, >> >> I set a samba share (4.8.1) on a linux (centos 7) as server member ; >> authentication is done against a AD win 2012 R2 server through winbind. >> >> I thought authentication was using kerberos, but I checked log and found >> : >> >> Auth: [SMB2,(null)] user [MYDOMAIN]\[mydomainuser] at [mar., 11 juin >> 2019 >> 10:21:42.000927 -03] with [NTLMv2] status [NT_STATUS_OK] workstation >> [CANONDCE0BD] >> >> Below, part of my smb.cnf : >> >> security = ads >> >> realm = MYDOMAIN >> workgroup = MYDOMAIN > Why is your workgroup and realm the same ? >> >> kerberos method = secrets and keytab >> >> server signing = mandatory >> >> client signing = mandatory >> >> How can I tell samba using kerberos instead of NTLMv2 ? Or is it in >> winbind configuration ? > > Do you have libpam-krb5 installed ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Hello, May you answer me about my issue with kerberos ? About libpam-krb5 installed, I have on my system : yum list krb5-workstation pam_krb5 krb5-workstation.x86_64 1.15.1-37.el7_6 @updates pam_krb5.x86_64 2.4.8-6.el7 @base Is pam_krb5 equivalent to libpam-krb5 on centos 7 ? Thanks -------- Message transf?r? -------- Sujet?: Re: [Samba] Kerberos and NTLMv2 authentication Date?: Sat, 15 Jun 2019 11:11:15 -0300 De?: eguigne--- via samba <samba at lists.samba.org> R?pondre ??: eguigne at pasteur-cayenne.fr Pour?: samba at lists.samba.org Hello Rowland, Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize, should be : realm = MYDOMAIN.LOCAL workgroup = MYDOMAIN About libpam-krb5 installed, I have on my system : yum list krb5-workstation pam_krb5 krb5-workstation.x86_64 1.15.1-37.el7_6 @updates pam_krb5.x86_64 2.4.8-6.el7 @base Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?> On 15/06/2019 01:40, eguigne--- via samba wrote: >> Dear Samba Users, >> >> I set a samba share (4.8.1) on a linux (centos 7) as server member ; >> authentication is done against a AD win 2012 R2 server through winbind. >> >> I thought authentication was using kerberos, but I checked log and found >> : >> >> Auth: [SMB2,(null)] user [MYDOMAIN]\[mydomainuser] at [mar., 11 juin >> 2019 >> 10:21:42.000927 -03] with [NTLMv2] status [NT_STATUS_OK] workstation >> [CANONDCE0BD] >> >> Below, part of my smb.cnf : >> >> security = ads >> >> realm = MYDOMAIN >> workgroup = MYDOMAIN > Why is your workgroup and realm the same ? >> >> kerberos method = secrets and keytab >> >> server signing = mandatory >> >> client signing = mandatory >> >> How can I tell samba using kerberos instead of NTLMv2 ? Or is it in >> winbind configuration ? > > Do you have libpam-krb5 installed ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On 17/06/2019 12:56, Edouard Guign? via samba wrote:> Hello, > > May you answer me about my issue with kerberos ? > > About libpam-krb5 installed, I have on my system : > yum list krb5-workstation pam_krb5 > krb5-workstation.x86_64 1.15.1-37.el7_6 @updates > pam_krb5.x86_64 2.4.8-6.el7 @base > > Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?Sorry for the late reply, yes pam_krb5 is the Centos equivalent of libpam_krb5 I think we need to see your entire smb.conf and the passwd & group lines from /etc/nsswitch.conf Rowland