On Fri, 2015-07-03 at 12:24 +0200, Christoph Kaminski wrote: > Hi > > it is possible (without extra patch/schema extension) to use samba shares > without kerberos? Possibly is there something like a auth proxy for it? I > mean the user authenticates with a password and the proxy checks it > securly against ipa... > any howtos/docs/ideas?
You misunderstand how SMB authentication works. You have only 2 options: NTLM or Kerberos, neither sends the password in the clear to samba, so there is no proxy you can build, they are both MITM resistant protocols. Simo. > (have ipa 4.1 and samba 4.1.12 here) > > Greetz > Christoph Kaminski > -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
