Thanks to help from authors (there were many!) and reviewers and advocates, the SMB server can now do normal, Active Directory (AD)-style authentication, using connection-less LDAP queries to find the correct AD server, using Kerberos to authenticate the client, etc. This also closes a four year old bug: https://www.illumos.org/issues/1087
This push represents quite a bit of work beyond what was in the original OpenSolaris code. The changes add up to over ten thousand lines of new code, or about fifteen thousand changed lines (according to webrev). One caution: After this, quite a lot of the on-line "advice" you'll find about administering the SMB service is out of date and now wrong. In particular, advice about OpenSolaris and adjusting lmauth_level no longer applies to illumos. Similarly, one should now _disregard_ advice about changes on the Windows side to "dumb down" the security levels it uses to connect to our SMB service, because we now can do full Kerberos authentication etc. Thanks to Nexenta Systems (www.nexenta.com) for supporting the effort to upstream this major piece of work. Gordon Ross On Thu, Oct 22, 2015 at 2:57 PM, Gordon Ross <[email protected]> wrote: > Hi developers, > > I plan to RTI the three change sets below soon (probably this weekend). > If you plan to review them, please finish up, or ask for more time. > > 6352 Updated DC locator for SMB and idmap > https://www.illumos.org/issues/6352 > http://ma.nexenta.com/gwr/dclocate/ > > 6351 Update smbsrv dtrace scripts and install them > https://www.illumos.org/issues/6351 > http://ma.nexenta.com/gwr/smbdtrace/ > > 1122 smbsrv should use SPNEGO (inbound authentication) > https://www.illumos.org/issues/1122 > http://ma.nexenta.com/gwr/extsec/ ------------------------------------------- illumos-discuss Archives: https://www.listbox.com/member/archive/182180/=now RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be Modify Your Subscription: https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4 Powered by Listbox: http://www.listbox.com
