On Fri, 2015-07-03 at 12:24 +0200, Christoph Kaminski wrote:
> it is possible (without extra patch/schema extension) to use samba shares
> without kerberos? Possibly is there something like a auth proxy for it? I
> mean the user authenticates with a password and the proxy checks it
> securly against ipa...
> any howtos/docs/ideas?
You misunderstand how SMB authentication works.
You have only 2 options: NTLM or Kerberos, neither sends the password in
the clear to samba, so there is no proxy you can build, they are both
MITM resistant protocols.
> (have ipa 4.1 and samba 4.1.12 here)
> Christoph Kaminski
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project