Project

General

Profile

Actions

Feature #1121

closed

smbsrv should use SPNEGO (outbound authentication)

Added by Gordon Ross almost 11 years ago. Updated almost 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Start date:
2011-06-17
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

When smbsrv connects to AD servers for authentication work, it uses old security protocols. This can cause some AD servers to refuse connections from this server.
(See: http://support.microsoft.com/kb/942564 )

The authentication support in libsmbfs already supports SPNEGO (a.k.a. "extended security") so this feature will replace the smbsrv "smbrdr" library with a thin "shim" on libsmbfs.

Note: the inbound side of this problem is issue 1122
https://www.illumos.org/issues/1122

Actions #1

Updated by Gordon Ross almost 11 years ago

  • Status changed from In Progress to Resolved
changeset:   13396:c1f01cd09a07
tag:         tip
user:        Gordon Ross <gwr@nexenta.com>
date:        Thu Jul 07 13:45:10 2011 -0400
description:
    1121 smbsrv should use SPNEGO (outbound authentication)
    Reviewed by: Albert Lee <trisk@nexenta.com>
    Reviewed by: Garrett D'Amore <garrett@nexenta.com>
    Reviewed by: Robert Gordon <rbg@openrbg.com>
    Approved by: Garrett D'Amore <garrett@nexenta.com>
Actions

Also available in: Atom PDF