[Sysadmins] dovecot-auth ntlm_auth - P8

mav at elserv.msk.su
27 09:57:02 MSK 2018


 ,       ntlmv1,    
   .   ,   
   NTLMv2,    -  v1,  v2,    
  .    ,   - 
    tdb (  bad talloc magic value), 
        .  winbind   
  ,     .

     -     
   3-5    .

 ,    :   , 
worker/auth  dovecot 2.2.36    , ntlm_auth  7 .

 Fri, 27 Jul 2018 09:38:22 +0300   :

>   ,     .
>    
> (https://www.altlinux.org/%D0%9F%D0%BE%D1%87%D1%82%D0%BE%D0%B2%D1%8B%D0%B9_%D1%81%D0%B5%D1%80%D0%B2%D0%B5%D1%80_Postfix_Dovecot)
>   .       .
>   , .. . :)     ,
>    .  ,     Samba 4.5.0
> : "      
> MITM-      
> NTLMv1.  "ntlm auth", "lanman auth"  "raw NTLMv2 auth" 
>      "no",    
>   ,   NTLMv2 (, NTLMv1
>   MSCHAPv2  VPN  802.1x);"      
> .    NTLMv1.  ,
> , .
> https://www.opennet.ru/opennews/art.shtml?num=45098
> 
> 27.07.2018, 09:07, "Alex Moskalenko":
> 
> >  Thu, 26 Jul 2018 12:44:15 +0300
> >   :
> >   Samba?
> >> NTLMv1     v2?
> >>          Samba?
> >>   Samba NT4  NTLM  .
> >
> >
> > !
> >
> >     NT4-,    AD-
> >   .   ( 
> > )  PDC     ,   
> >    . :)
> >
> >   PDC:
> > testparm -V
> > Version 4.0.21
> >
> > smb.conf
> > [global]
> > dos charset = CP866
> > unix charset = UTF8
> > workgroup = DOMAIN
> > netbios aliases = server1, server2
> > server string = Server (PDC) (ver. %v)
> > passdb backend = ldapsam:"ldap://localhost"
> > guest account = guest
> > log file = /var/log/samba/log.%m-%L
> > max log size = 65535
> > server max protocol = NT1
> > defer sharing violations = No
> > time server = Yes
> > logon script = %U-%m.vbs
> > logon path =
> > logon home =
> > domain logons = Yes
> > os level = 254
> > preferred master = Yes
> > domain master = Yes
> > wins support = Yes
> > ldap admin dn = cn=samba,ou=Daemons,dc=example,dc=com
> > ldap group suffix = ou=Groups
> > ldap idmap suffix = ou=Idmap
> > ldap machine suffix = ou=Computers,ou=Accounts
> > ldap passwd sync = yes
> > ldap suffix = dc=example,dc=com
> > ldap user suffix = ou=Users,ou=Accounts
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > idmap config * : range = 10000-50000
> > ldapsam:trusted = yes
> > idmap config * : backend = ldap:"ldap://localhost"
> > map acl inherit = Yes
> > cups options = raw
> > map archive = No
> > map readonly = no
> > store dos attributes = Yes
> > vfs objects = acl_xattr, streams_xattr
> >
> >
> >    -  4.6.15.   winbindd 
> > //  .   ntlm_auth.
> >
> >
> > PS     ? ,    ...

