Donald Saltarelli wrote: > > Andrew, as you konw, I'm trying to get samba-3.0-alpha20 to authenticate > a user that logs in to an AD domain workstation with the user's AD > kerberos credentials. looking at the logs, it's not clear to me whether > samba is trying to do kerberos or NTLM authentication for the client.
These logs indicate NTLM authenticaion. Use 'auth methods = guest' to ensure that Samba doesn't even try to authenticate users with NTLM. > in smb.conf I have: > > [global] > security = ADS > realm = HSSOE.UCI.EDU > ads server = dc1.hssoe.uci.edu > lanman auth = no > ntlm auth = no > disable netbios = yes > use spnego = yes > # protocol = > # encrypt passwords = yes > ldap admin dn = Administrator > > How do i get it to only do GSS-SPNEGO or whatever it's called? Is this > just not possible yet? Win2k machines will use kerberos in preference to NTLM when possible. > I noticed that in the log at some point it says realm(NULL). could the > AD KDC be rejecting it because of that? > > Thanks for any help, > > Donald > (time running out for this quarter's launch...) Then I think you left your run a bit late... This stuff is complex, why didn't you start at this earlier...? Also, I'm still not particuarly clear on what you are doing - you have an MIT kerberos realm, and a Win2k realm, but passwords are not synced...??? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba