Hi all, I have successfully configured a samba server as a domain member in my 2003 domain (native mode 2003). I also configured winbind, and my domain users successfully can access shares in the samba server. smb.conf: security = ADS I also configured /etc/krb5.conf and used net ads join - successfully. However, I can see that NTLM is the chosen protocol for each client machine (WinXP) accessing samba, and kerberos is not used: from the log: using SPNEGO Selected protocol NT LM 0.12 even though I tried to set "client use spnego = no" How can I force samba to use kerberos ? Thanks, Nir
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nir L wrote: | smb.conf: | security = ADS | I also configured /etc/krb5.conf and used net ads join | - successfully. | | However, I can see that NTLM is the chosen protocol for | each client machine (WinXP) accessing samba, and kerberos | is not used (from the log): | using SPNEGO | Selected protocol NT LM 0.12 This is the smb protocol dialect and has nothing to do with the authentication chosen (not directly at least). | even though I tried to set "client use spnego = no" The applies only to Samba's client code and not the capability bits set by the server when replying to clients. Besides, you really should not disable spnego. Generally if it doesn't work it would be considered a bug. | How can I force samba to use kerberos ? Look for thew SPNEGO communication in the level 10 log. Hint: search for the string 'OID' and see what mechanism is being negotiated. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtIaZIR7qMdg1EfYRAmtkAKDc2777bMGrmvw3RAEnC3DhYkTYQACeN2fy tMgCGnfpxdChut+G3BGX+do=4ywm -----END PGP SIGNATURE-----