> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Nir L wrote:
>
> | smb.conf:
> | security = ADS
> | I also configured /etc/krb5.conf and used net ads join
> | - successfully.
> |
> | However, I can see that NTLM is the chosen protocol for
> | each client machine (WinXP) accessing samba, and kerberos
> | is not used (from the log):
> | using SPNEGO
> | Selected protocol NT LM 0.12
>
> This is the smb protocol dialect and has nothing to do
> with the authentication chosen (not directly at least).
>
> | even though I tried to set "client use spnego = no"
>
> That applies only to Samba's client code and not the
> capability bits set by the server when replying to
> clients. Besides, you really should not disable spnego.
> Generally if it doesn't work it would be considered a bug.
>
> | How can I force samba to use kerberos ?
>
> Look for the SPNEGO communication in the level 10 log.
I tried...
I finally got "not using SPNEGO", but still - got
Using protocol NT LM 0.12 after the SPNEGO message.
> Hint: search for the string 'OID' and see what mechanism
no OID strings in my log.
> is being negotiated.
here is my smb.conf.
[global]
# Server-wide settings as posted. The host is an Active Directory member
# (security = ADS below) and the poster wants clients to authenticate with Kerberos.
workgroup = domain2003
netbios name = defconn2Logs
server string = Major Samba
encrypt passwords = Yes
# Very verbose debug level; the log excerpt in this post shows it dumping the
# negotiate challenge bytes, so treat these log files as sensitive.
log level = 10
log file = /var/samba/logs/log.%m
lock dir = /var/samba/locks
pid directory = /var/run
# NOTE(review): max log size is expressed in kilobytes, so 5 rotates the file after
# roughly 5 KB. At log level 10 the lines being searched for (e.g. 'OID') may have
# been rotated away before they were read - confirm.
max log size = 5
preferred master = False
local master = No
domain master = False
dns proxy = No
# Unix account that guest sessions run as (see 'map to guest' below).
guest account = pacifsconn
create mask = 0775
dead time = 15
debug pid = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
oplocks = Yes
kernel oplocks = Yes
level2 oplocks = Yes
defer sharing violations = No
name resolve order = lmhosts wins bcast host
debug hires timestamp = Yes
wins server = 192.168.41.108
# NOTE(review): Kerberos realm names are case-sensitive and conventionally written
# in upper case; confirm this spelling matches the realm in /etc/krb5.conf.
realm = DOMAIN2003.com
security = ADS
domain logons = No
# Per the reply quoted in this post, this affects only Samba's own client code,
# not what the server advertises to Windows clients.
client use spnego = No
# Server side: with this set to No the negotiate reply does not offer SPNEGO (the
# log excerpt in this post shows "not using SPNEGO"). A Kerberos ticket is carried
# inside the SPNEGO exchange, so clients are left with NTLM challenge/response.
# The documented default is Yes.
use spnego = No
# A login with a valid user name but a wrong password is silently accepted as the
# guest account instead of being rejected; the user gets no error and failed
# logons are harder to spot. NOTE(review): confirm this is intended on a domain member.
map to guest = bad password
map hidden = Yes
map system = Yes
# NOTE(review): force group is a per-share option; set here it becomes the default
# for every share. '1' is presumably read as a Unix group name - verify.
force group = 1
# Listen only on the single address listed in 'interfaces'.
bind interfaces only = Yes
interfaces = 192.168.41.139
# NOTE(review): this names a directory (trailing slash), while the option expects
# the path of the smbpasswd file itself - verify.
smb passwd file = /var/samba/private/
private dir = /var/samba/private
# Domain accounts are written DOMAIN+user (used by 'valid users' in [Logs]).
winbind separator = +
# Ranges from which winbind allocates Unix uids/gids for domain users and groups.
# NOTE(review): 1-3 offers only three ids and overlaps the low ids that are
# typically reserved for local system accounts, so a domain user could share an
# id with one of them; a dedicated high range avoids that - confirm intent.
idmap uid = 1-3
idmap gid = 1-3
winbind enum users = Yes
winbind enum groups = Yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
use sendfile = No
strict locking = Yes
disable spoolss = Yes
mangling method = hash2
[Logs]
# Read-only export of the host's /var/log directory.
# NOTE(review): system logs can contain account names, addresses and service
# details; confirm everything under this path is meant to be readable by every
# account that passes 'valid users'.
comment = Share for Logs
path = /var/log
browseable = Yes
# 'writeable' is the inverted synonym of 'read only'; both lines below state the
# same thing (no write access).
read only = Yes
available = Yes
writeable = No
# NOTE(review): valid users is a plain list of user/group names. 'NONE' and
# 'EXCEPT' are not documented keywords and are presumably read as two more user
# names - verify. The '+' is the 'winbind separator' set in [global].
valid users = NONE EXCEPT domain2003+user2
map archive = Yes
hide dot files = No
# These two concern directories created, or permissions changed, through the
# share; presumably they have no practical effect while the share is read-only.
directory mask = 751
dos filemode = Yes
and part of the logfile:
challenge is:
[2004/12/06 20:03:36.498409, 5, pid=4142] lib/util.c:dump_data(1899)
[000] AB 02 01 6F AA E3 15 2F ...o.../
[2004/12/06 20:03:36.498603, 3, pid=4142] smbd/negprot.c:reply_nt1(327)
not using SPNEGO
[2004/12/06 20:03:36.498710, 3, pid=4142] smbd/negprot.c:reply_negprot(549)
Selected protocol NT LM 0.12
[2004/12/06 20:03:36.498811, 5, pid=4142] smbd/negprot.c:reply_negprot(555)
negprot index=5
[2004/12/06 20:03:36.498918, 5, pid=4142] lib/util.c:show_msg(461)
[2004/12/06 20:03:36.498982, 5, pid=4142] lib/util.c:show_msg(471)
size=99
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=65279
smb_uid=0
smb_mid=0
smt_wct=17
smb_vwv[ 0]=5 (0x5)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]=0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=11776 (0x2E00)
smb_vwv[ 8]= 16 (0x10)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=62284 (0xF34C)
smb_vwv[13]=48615 (0xBDE7)
smb_vwv[14]=50395 (0xC4DB)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]= 2303 (0x8FF)
smb_bcc=30
[2004/12/06 20:03:36.500113, 10, pid=4142] lib/util.c:dump_data(1899)
[000] AB 02 01 6F AA E3 15 2F 44 00 4F 00 4D 00 41 00 ...o.../ D.O.M.A.
[010] 49 00 4E 00 32 00 30 00 30 00 33 00 00 00I.N.2.0. 0.3...
[2004/12/06 20:03:36.500380, 6, pid=4142] lib/util_sock.c:write_socket(449)
write_socket(22,103)
[2004/12/06 20:03:36.500758, 6, pid=4142] lib/util_sock.c:write_socket(452)
write_socket(22,103) wrote 103
[2004/12/06 20:03:36.513975, 10, pid=4142]
lib/util_sock.c:read_smb_length_return_keepalive(505)
got smb length of 308
[2004