I have a long running OmniOS SMB server currently running r151052 AD integrated and working fine on NTLMv2. As all other devices are off NTLM except this server, I have attempted to convert it over to Kerberos. I didn't even see any options in napp-it and so I used the OmniOS guide which indicates it is possible and works. Specifically, I followed this OmniOS guide Active Directory Integration and enabled Kerberos AES for all the accounts and get a Kerberos Session and Ticket showing AES, BUT the SMB server still uses NTLM, and disabling NTLM support from the Windows side kills all SMB access to the OmniOS server. What am I missing to get OmniOS to do Kerberos only SMB SSO, or at least prefer Kerberos over NTLM?
#klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: *admin account*@*domain*.NET Valid starting Expires Service principal 10/02/2025 15:04 11/02/2025 01:04 krbtgt/*domain*@*domain*.NET renew until 17/02/2025 15:04, Etype(skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC ------------------------------------------ illumos: illumos-discuss Permalink: https://illumos.topicbox.com/groups/discuss/Tef371e0d901b265f-M7ec4c7ec9b722d4d98cd8cb8 Delivery options: https://illumos.topicbox.com/groups/discuss/subscription
