Jakub,
I see. Thank you.
Simo,
Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7? If so, is
there any configuration needed? I would like my Samba server to be able to
handle NTLMSSP authentication for windows' clients, while using SSSD as the
authentication layer, if possible.
Thanks in advance.
Em sexta-feira, 12 de outubro de 2018 05:03:29 BRT, Jakub Hrozek
<jhro...@redhat.com> escreveu:
> On 11 Oct 2018, at 02:08, Reinaldo Souza Gomes
> <reinaldosouzago...@yahoo.com.br> wrote:
>
> I know that this is an old topic, but I've seen contradictory answers in
> different places.
>
> Some topics say that SSSD has no support for NTLM due to its inherently
> unsecure nature, and will never have.
Currently SSSD cannot handle NTLM. We thought about a long time about handling
NTLM, but it’s a lot of work for not so much gain…
>
> But others such as this
> topic(https://bugzilla.redhat.com/show_bug.cgi?id=963341) seem to state that
> it could be possible through gssntlmssp package.
>
Since Simo commented on the bug some time ago, maybe he still remembers how
gssntlmssp was supposed to help there?
> The reason for my question is that I'm trying to use Samba with SSSD, and its
> authentication fail when the windows client falls back from kerberos to
> NTLMv2 for any reason:
> [2018/10/10 20:43:32.382948, 2]
> ../source3/auth/auth.c:332(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [myusername] -> [myusername]
>FAILED with error NT_STATUS_NO_LOGON_SERVERS, authoritative=1
> [2018/10/10 20:43:32.382989, 2]
> ../auth/auth_log.c:760(log_authentication_event_human_readable)
> Auth: [SMB2,(null)] user [MYDOMAIN]\[myusername] at [Wed, 10 Oct 2018
>20:43:32.382980 -03] with [NTLMv2] status [NT_STATUS_NO_LOGON_SERVERS]
>workstation [NTB005] remote host [ipv4:192.168.1.1:1914] mapped to
>[MYDOMAIN]\[myusername]. local host [ipv4:10.1.1.1:445]
>
>
> Is there anything I can do to make SSSD able to deal with NTLMv2/NTLMSSP?
>
>
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
