On Fri, 2015-07-03 at 12:24 +0200, Christoph Kaminski wrote:
> Hi
> it is possible (without extra patch/schema extension) to use samba shares 
> without kerberos? Possibly is there something like a auth proxy for it? I 
> mean the user authenticates with a password and the proxy checks it 
> securly against ipa...
> any howtos/docs/ideas?

You misunderstand how SMB authentication works.
You have only 2 options: NTLM or Kerberos, neither sends the password in
the clear to samba, so there is no proxy you can build, they are both
MITM resistant protocols.


> (have ipa 4.1 and samba 4.1.12 here)
> Greetz
> Christoph Kaminski

Simo Sorce * Red Hat, Inc * New York

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to