[Freeipa-users] samba vs ipa without kerberos
Simo Sorce
simo at redhat.com
Fri Jul 3 16:14:33 UTC 2015
On Fri, 2015-07-03 at 12:24 +0200, Christoph Kaminski wrote:
> Hi
>
> it is possible (without extra patch/schema extension) to use samba shares
> without kerberos? Possibly is there something like a auth proxy for it? I
> mean the user authenticates with a password and the proxy checks it
> securly against ipa...
> any howtos/docs/ideas?
You misunderstand how SMB authentication works.
You have only 2 options: NTLM or Kerberos, neither sends the password in
the clear to samba, so there is no proxy you can build, they are both
MITM resistant protocols.
Simo.
> (have ipa 4.1 and samba 4.1.12 here)
>
> Greetz
> Christoph Kaminski
>
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list