Displaying 20 results from an estimated 10000 matches similar to: "How to disable NTLM authentication on Samba"
2018 Oct 10
4
How to disable NTLM authentication on Samba
Forgive me if I have misundertood your words, but what I want is to prevent Samba from accepting NTLM(v1, v2, SSP, or whatever) and forwarding it, since SSSD does not support it. I am not trying to get SSSD to support any kind of NTLM. So, this would be a Samba issue, not SSSD's. Isn't that correct?
Putting it in another words: what can I do (preferrably on the Samba server) to prevent
2018 Oct 10
3
How to disable NTLM authentication on Samba
Whenever a client uses kerberos as authentication, it succeeds.
Whenever a client uses NTLM as authentication, it fails (logs bellow) since SSSD can't support NTLM. Thus my question: what can I do to prevent NTLM from being used??
[2018/10/09 17:49:29.507046, 2] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [MYUSER] -> [MYUSER] FAILED
2018 Oct 10
2
How to disable NTLM authentication on Samba
The domain controler is Windows. The file Server is Linux/Samba. The clients are Windows.
I've tested the access on a dozen different windows machines. Three of them used NTLM and failed. All the others used kerberos and succeeded. They're all in the same network, same domain. Maybe it's the windows version? But they're all Window 8 or 10, not a great deal of a difference between
2018 Oct 11
2
How to disable NTLM authentication on Samba
Single DC?
If a single DC then there should not be any replication issues - that
would only be between domain controllers and the event logs would
indicate that. I have 2 Windows DC's with a mix of Samba member servers.
As far as I know, the domain member does not need client NTLM auth to be
enabled to talk to the DC but I am not 100% sure. You may want to try
reenabling it and
2018 Oct 11
1
How to disable NTLM authentication on Samba
How is your sssd settup (sssd.conf) configured?
When someone connects via samba, the underlying linux/unix file system
routines need to have some what of understanding the windows users and
groups. This isn't for authentication but is instead to make sure
that the file permissions can be managed and enforced.
My experience - at least when I had classic domain Samba controllers-
was
2018 Oct 10
0
How to disable NTLM authentication on Samba
How would samba forward any requests on to any other service ? You
can have sssd setup on a server if you also need to support things like
ssh, sftp, and nfs but that is separate from samba's "Windows" services.
Or do you mean it forwards NTLM requests to a different server ?
Disabling NTLM altogether would be a useful feature if you are trying to
minimize the attack
2018 Oct 10
0
How to disable NTLM authentication on Samba
I must be missing something-
Are these Windows clients? Or are these Linux clients authenticating
against Samba ?
if they were linux clients then yes I could see sssd or other
authentication components besides winbind coming into play. And in that
case yes you would have sssd work with winbind to enable caching of
credentials.
Is the event log entry below from the server ? Is it from
2018 Oct 11
0
How to disable NTLM authentication on Samba
There are roughly 20 DC's, spread across multiple different physical locations. It is indeed a replication issue. All of them are windows and we can get authenticated by any of them, randomly. Don't ask me why... they're managed by the "windows' guys"...
I've already tried all sorts of possible combinations for the various NTLM-related parameters and it always fail
2018 Oct 10
0
How to disable NTLM authentication on Samba
This issue right here told me exactly what I needed to understand this authentication process:https://pagure.io/SSSD/sssd/issue/3228
- The client talks to the DC to try and get a cifs ticket for my samba server's princpal name;- In case the client can't get the ticket for any reason, it falls back to NTLM <- windows client decision, nothing can be done about it by Samba/SSSD;
Once I
2003 Oct 18
1
Res: Nmbd in a infinite loop, doing nothing and sucking 99%CPU (really)
Hi, Tim
Not even one ocurrence of "wins support" on my smb.conf
-----Mensagem original-----
De: Tim Kelley [mailto:tpk@r00tserverz.net]
Enviada em: s?bado, 18 de outubro de 2003 11:09
Para: Reinaldo Brand?o Gomes
Cc: samba@samba.org
Assunto: Re: [Samba] Nmbd in a infinite loop, doing nothing and sucking 99%CPU (really)
On Saturday 18 October 2003 9:03 am, Reinaldo Brand?o Gomes
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Ok, I finally could try it out, and it seems to actually work, but You
need samba 4.7 on all machines, not only AD, but also server with
freeradius. I didn't get a chance to test it locally, that is samba AD +
freeradius on the same server.
Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work
(got simple "nt_status_wrong_password")
but: 4.7.6 AD and 4.7.1
2016 Jun 27
3
Looking for NTLM config example
On 6/27/2016 2:45 AM, Mark Foley wrote:
> While continuing to test gssapi, I thought I check out your suggestion on NTLM v1. I did set
> Thunderbird to NTLM v1 ...
You are aware, I hope, that NTLM v1 is well over 20 years old and
is trivially compromised today. Basically, it's about as secure as
sending plaintext passwords. Since you're supporting SSL on your
Dovecot server, why not
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending
mail, and in samba 4.7 there are new options available for "ntlm auth",
as stated in docs:
|mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool).
So that is is I suppose that special "flag" that is used by
2018 Mar 27
2
ODP: Re: freeradius + NTLM + samba AD 4.5.x
ok, tested it, and it works.
so to summarize:
on samba ad 4.7.x in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only"
fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it.
with those settings ntlmv1 is blocked
2018 Mar 26
4
freeradius + NTLM + samba AD 4.5.x
Hi,
we have updated our samba AD domain from 4.4.x to 4.5.x.
The release notes for 4.5.0 included "NTLMv1 authentication disabled by
default".
So we had to enable it to get our radius (freeradius) server working
(for 802.1x).
What would be the best way to change the freeradius configuration in
such a way,
that we can disable NTLMv1 again.
The radius server is used for WLAN
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello,
I can definately confirm that it's working.
My basic setup is:
1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7
2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight
from centos repo. // I tested also on freeradius 3.0.14 and samba 4.7.x
smb.conf on the DC is pretty basic, most important is obviously in
[globall]:
ntlm auth =
2019 Nov 06
2
NTLM refuses to work on a DC
Hi there,
I'm trying to get FreeRADIUS to authenticate against my Samba DC. It's
Samba 4.7.6-ubuntu running on Ubuntu 18 (kernel version
4.15.0-66-generic). It came nicely packaged with Zentyal, which provides
a nice GUI for managing a domain, as well as a CA and lots of cool small
features. That same Zentyal also includes support for FreeRADIUS (3.0.16).
This is my smb.conf:
2004 Jul 09
3
Strong Encryption
Does anyone knows which one is the strongest and which is the fastest
encryption algorithms
used in OpenSSH 3.7.1p2 from the list below
aes128-cbc,
3des-cbc,
blowfish-cbc,
cast128-cbc,
arcfour,
aes192-cbc,
aes256-cbc,
rijndael-cbc at lysator.liu.se,
aes128-ctr,
aes192-ctr,
aes256-ctr
Strong Encryption
OpenSSH supports 3DES, Blowfish, AES and arcfour as encryption algorithms.
These are patent
2003 Oct 18
1
Nmbd in a infinite loop, doing nothing and sucking 99%CPU (really)
Hello,
My problem is that since last Sunday, 6 ultra 10, running solaris 7 stopped having samba working. Those machine are on a client site, a big mining idustry. SO, all the reports are generated over this data base, that needs to be available.
The nmbd process looks like being in a loop, doing nothing and consuming 99%CPU. I have tried to create a log, using the nmbd -l /var/log/samba.log
2003 Oct 20
1
Nmbd in a infinite loop - consuming 99% CPU
Hi, People
WE are having this problem with nmbd & smbd. The Process, once started goes by 99%CPU time and does nothing. For example, if I started nmbd with the option -l /usr/local/samba/log.nmbd, no log is created.
The smb.conf was not modified over the last 8 years. The OS is solaris 7, and we have mainly windows clients. But doing one test with smbclient from another sun running