On Fri, 2018-10-12 at 13:21 +0000, Reinaldo Souza Gomes wrote: > Jakub, > I see. Thank you. > > Simo, > Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7?
Yes to authenticate as a domain member you need to have winbind installed, configured and working correctly on the system. > If so, is there any configuration needed? I would like my Samba server to be > able to handle NTLMSSP authentication for windows' clients, while using SSSD > as the authentication layer, if possible. > Thanks in advance. > > Em sexta-feira, 12 de outubro de 2018 05:03:29 BRT, Jakub Hrozek > <[email protected]> escreveu: > > > > > On 11 Oct 2018, at 02:08, Reinaldo Souza Gomes > > <[email protected]> wrote: > > > > I know that this is an old topic, but I've seen contradictory answers in > > different places. > > > > Some topics say that SSSD has no support for NTLM due to its inherently > > unsecure nature, and will never have. > > Currently SSSD cannot handle NTLM. We thought about a long time about > handling NTLM, but it’s a lot of work for not so much gain… > > > > > > But others such as this > > topic(https://bugzilla.redhat.com/show_bug.cgi?id=963341) seem to state > > that it could be possible through gssntlmssp package. > > > > Since Simo commented on the bug some time ago, maybe he still remembers how > gssntlmssp was supposed to help there? > > > The reason for my question is that I'm trying to use Samba with SSSD, and > > its authentication fail when the windows client falls back from kerberos to > > NTLMv2 for any reason: > > [2018/10/10 20:43:32.382948, 2] > > ../source3/auth/auth.c:332(auth_check_ntlm_password) > > check_ntlm_password: Authentication for user [myusername] -> > > [myusername] FAILED with error NT_STATUS_NO_LOGON_SERVERS, authoritative=1 > > [2018/10/10 20:43:32.382989, 2] > > ../auth/auth_log.c:760(log_authentication_event_human_readable) > > Auth: [SMB2,(null)] user [MYDOMAIN]\[myusername] at [Wed, 10 Oct 2018 > > 20:43:32.382980 -03] with [NTLMv2] status [NT_STATUS_NO_LOGON_SERVERS] > > workstation [NTB005] remote host [ipv4:192.168.1.1:1914] mapped to > > [MYDOMAIN]\[myusername]. local host [ipv4:10.1.1.1:445] > > > > > > Is there anything I can do to make SSSD able to deal with NTLMv2/NTLMSSP? > > > > > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
