Re: [Samba] Samba, AD and devices compatibility...
- Date: Wed, 14 Mar 2018 06:59:01 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba, AD and devices compatibility...
On Tue, 2018-03-13 at 12:17 +0100, Marco Gaiarin via samba wrote:
> I'm trying to test/move some of my LDAP-enabled devices from my actual
> OpenLDAP server(s) to my new samba AD domain.
> For now, I'm poking with printers, and I'm testing a Konica-Minolta
> BizHub C224e.
> Defining user authentication to external source, I can set (between
> LDAP, NTLM, NDS, ...) 'Active Directory', and I can/must provide the
> domain name.
> After that, DNS and Kerberos seem to work, but actual auth no:
> This means that the printer tries to auth in LDAP 'plain' (no SSL, no
> TLS), and so Samba refuses that?
No, it means that Samba is refusing to accept an NTLM or Kerberos
authenticated connection without SIGN or SEAL negotiated, as an
attacker could take over an unprotected network connection and do evil
things with it.
See 'ldap server require strong auth'.
I hope this helps,
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
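
An added example, not part of the original message and not Samba project code: a small Python check that reads smb.conf text and reports the effective `ldap server require strong auth` value in `[global]`, using the three values documented in smb.conf(5) (`yes`, which is the default, `allow_sasl_over_tls`, and `no`). The sample configurations and the realm name are constructed, and `include` directives and line continuations are not handled.

```python
# Added example, not Samba code: report the effective
# 'ldap server require strong auth' setting from smb.conf text.
import re

PARAM = "ldapserverrequirestrongauth"  # name with whitespace removed, lower-cased
DEFAULT = "yes"                        # documented default in smb.conf(5)

# Behaviour of each documented value, paraphrased from smb.conf(5).
POSTURE = {
    "yes": "unencrypted: SASL binds need sign or seal; simple binds only over TLS",
    "allow_sasl_over_tls": "as 'yes', plus SASL binds without sign/seal over TLS",
    "no": "simple and SASL binds accepted on all transports, no protection required",
}
STATUS = {"yes": "ok", "allow_sasl_over_tls": "relaxed", "no": "weak"}

def normalize(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()

def effective_strong_auth(conf_text):
    """Return (value, explicit) for the [global] section; last assignment wins."""
    section, value, explicit = None, DEFAULT, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = normalize(m.group(1))
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if normalize(key) == PARAM:
                value, explicit = val.strip().lower(), True
    return value, explicit

def audit(conf_text):
    """Return (status, description); values outside the documented set are flagged."""
    value, _ = effective_strong_auth(conf_text)
    if value not in POSTURE:
        return "unrecognized", f"value {value!r} is not one of the documented values"
    return STATUS[value], POSTURE[value]

# Constructed sample configurations (placeholder realm name).
HARDENED = "[global]\n  realm = EXAMPLE.TEST\n  server role = active directory domain controller\n"
RELAXED = HARDENED + "  LDAP Server Require Strong Auth = allow_sasl_over_tls\n"
WEAKENED = HARDENED + "  ldap server require strong auth = no  \n[printers]\n  path = /var/spool/samba\n"

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("relaxed", RELAXED), ("weakened", WEAKENED)):
        print(name, *audit(conf), sep=" | ")
```

On a running domain controller, `testparm` shows the configuration Samba actually loaded, which also covers included files.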