Douglas Bagnall
2024-Nov-01 00:48 UTC
[Samba] Login to LDAP from new version FortiClientEMS
On 1/11/24 04:06, Programnet via samba wrote:
> I just want to make sure that Samba LDAP does not support ntlmsspNegotiate authentication and I will have to switch to
> Windows Server?

That sounds like an inaccurate conclusion. ntlmssp is not new.

If you are looking at the conversation in Wireshark, you could tell us what the packets are actually saying, or you could show us your smb.conf and somebody will point out flaws (not me, I don't know that stuff).

Douglas

> On 29.10.2024 at 13:42, Programnet via samba wrote:
>> Hello Everyone
>>
>> I am using samba 4.20.5 with debian backport. I have FortiClientEMS tool which connects to LDAP to get data.
>> FortiClientEMS version 7.0.x worked with Samba without any problem. Unfortunately newer version 7.2.x no longer works.
>> I noticed while examining Wireshark traffic that version 7.0.x connects using authentication: sasl (3). New version
>> 7.2.x authentication: ntlmsspNegotiate (10) and LDAP terminates the connection.
>>
>> Can I configure Samba to solve my problem? I also tested on Samba version 4.17.x. I checked on Windows Server 2012 and
>> 2022 and this problem does not occur here.
>>
>> Best regards, Tomasz Świderski
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Pcap attached.

My samba config:

[global]
        netbios name = DC1
        realm = XXXX.LOCAL
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = XXXX
        log level = 1 auth_audit:3@/var/log/samba/auth.log
        log file = /var/log/samba/%m.log

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/wenus.local/scripts
        read only = No
pcap is on my google drive https://drive.google.com/file/d/1GW-vSGratvQ2dOE-iGVPfj5w72ZBaUUR/view?usp=sharing
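
The two values reported from Wireshark in this thread, sasl (3) and ntlmsspNegotiate (10), are the context tag of the authentication CHOICE inside the LDAP BindRequest; RFC 4511 itself defines only simple [0] and sasl [3]. The following is an added example, not part of the thread or of Samba: it decodes that tag from raw bind bytes, with hypothetical function names and constructed sample messages rather than the poster's capture.

```python
# Added example: name the AuthenticationChoice carried by an LDAP BindRequest.
# Tags 0 and 3 are from RFC 4511; 10 is named as Wireshark shows it in the thread.
CHOICES = {0: "simple", 3: "sasl", 10: "ntlmsspNegotiate"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def bind_auth_choice(msg):
    """Return (tag_number, name, detail) for one LDAPMessage holding a BindRequest."""
    tag, pos, _ = read_tlv(msg, 0)         # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, pos)         # messageID
    tag, pos, _ = read_tlv(msg, pos)       # protocolOp
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(msg, pos)         # version
    _, _, pos = read_tlv(msg, pos)         # name (bind DN)
    tag, start, end = read_tlv(msg, pos)   # authentication CHOICE
    if tag & 0xC0 != 0x80:
        raise ValueError("authentication is not context-tagged")
    number, detail = tag & 0x1F, None
    if number == 3:                        # SaslCredentials: mechanism comes first
        _, m0, m1 = read_tlv(msg, start)
        detail = msg[m0:m1].decode("ascii", "replace")
    elif msg[start:end].startswith(b"NTLMSSP\x00"):
        detail = "NTLMSSP"                 # raw NTLMSSP blob placed directly in the bind
    return number, CHOICES.get(number, f"choice [{number}]"), detail

# Constructed sample messages (not taken from the poster's capture).
SASL_BIND = bytes.fromhex("301802010160130201030400a30c040a") + b"GSS-SPNEGO"
NTLM_BIND = (bytes.fromhex("301c020102601702010304008a10")
             + b"NTLMSSP\x00" + bytes.fromhex("0100000007820000"))

if __name__ == "__main__":
    for sample in (SASL_BIND, NTLM_BIND):
        print(bind_auth_choice(sample))
```

For choice 3 the detail field is the SASL mechanism name, which is the next thing worth comparing between a working and a failing client.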