In addition to my last email (the one with my smb.conf) I also found out that: if I connect the share using \\<ip address>\<sharename> I get access to the share after NTLM has been used. and if I connect using \\<netbiosname>\<sharename> I get access denied (NTLM is still used...)
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nir L wrote: > > | smb.conf: > | security = ADS > | I also configured /etc/krb5.conf and used net ads join > | - successfully. > | > | However, I can see that NTLM is the chosen protocol for > | each client machine (WinXP) accessing samba, and kerberos > | is not used (from the log): > | using SPNEGO > | Selected protocol NT LM 0.12 > > This is the smb protocol dialect and has nothing to do > with the authentication chosen (not directly at least). > > | even though I tried to set "client use spnego = no" > > The applies only to Samba's client code and not the > capability bits set by the server when replying to > clients. Besides, you really should not disable spnego. > Generally if it doesn't work it would be considered a bug. > > | How can I force samba to use kerberos ? > > Look for thew SPNEGO communication in the level 10 log. > Hint: search for the string 'OID' and see what mechanism > is being negotiated. > > > > > > cheers, jerry > - --------------------------------------------------------------------- > Alleviating the pain of Windows(tm) ------- http://www.samba.org > GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc > "If we're adding to the noise, turn off this song"--Switchfoot (2003) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFBtIaZIR7qMdg1EfYRAmtkAKDc2777bMGrmvw3RAEnC3DhYkTYQACeN2fy > tMgCGnfpxdChut+G3BGX+do= > =4ywm > -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
