Jakub, I see. Thank you. Simo, Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7? If so, is there any configuration needed? I would like my Samba server to be able to handle NTLMSSP authentication for windows' clients, while using SSSD as the authentication layer, if possible. Thanks in advance.
Em sexta-feira, 12 de outubro de 2018 05:03:29 BRT, Jakub Hrozek <jhro...@redhat.com> escreveu: > On 11 Oct 2018, at 02:08, Reinaldo Souza Gomes > <reinaldosouzago...@yahoo.com.br> wrote: > > I know that this is an old topic, but I've seen contradictory answers in > different places. > > Some topics say that SSSD has no support for NTLM due to its inherently > unsecure nature, and will never have. Currently SSSD cannot handle NTLM. We thought about a long time about handling NTLM, but it’s a lot of work for not so much gain… > > But others such as this > topic(https://bugzilla.redhat.com/show_bug.cgi?id=963341) seem to state that > it could be possible through gssntlmssp package. > Since Simo commented on the bug some time ago, maybe he still remembers how gssntlmssp was supposed to help there? > The reason for my question is that I'm trying to use Samba with SSSD, and its > authentication fail when the windows client falls back from kerberos to > NTLMv2 for any reason: > [2018/10/10 20:43:32.382948, 2] > ../source3/auth/auth.c:332(auth_check_ntlm_password) > check_ntlm_password: Authentication for user [myusername] -> [myusername] >FAILED with error NT_STATUS_NO_LOGON_SERVERS, authoritative=1 > [2018/10/10 20:43:32.382989, 2] > ../auth/auth_log.c:760(log_authentication_event_human_readable) > Auth: [SMB2,(null)] user [MYDOMAIN]\[myusername] at [Wed, 10 Oct 2018 >20:43:32.382980 -03] with [NTLMv2] status [NT_STATUS_NO_LOGON_SERVERS] >workstation [NTB005] remote host [ipv4:192.168.1.1:1914] mapped to >[MYDOMAIN]\[myusername]. local host [ipv4:10.1.1.1:445] > > > Is there anything I can do to make SSSD able to deal with NTLMv2/NTLMSSP? > > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org