#307 closed enhancem. (completed)
Support new options for Samba 4 plugin
Reported by: | Lewis Rosenthal | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | |
Component: | Samba Client GUI | Version: | Samba Client GUI 2.x |
Keywords: | Cc: |
Description
We need to include support for the following options which are fully supported by the plugin under Samba 4:
Support encryption Support NLMv1 Supports EA Supports KRB5
When Kerberos auth is supported, username and password fields should be greyed out.
The need for NTLMv1 cannot be stressed strongly enough, as the default encryption in Samba 4 is now NTLMv2, and connecting to an NTLMv1 server (NetWare CIFS) will fail without this toggle.
ArcaOS will not be shipping the full NetDrive, so no Control Panel will be available. ArcaMapper will be the only GUI tool in the product.
Change History (5)
comment:1 by , 7 years ago
comment:2 by , 6 years ago
It seems that when NTLMv1 is enabled, the command passed to NetDrive is actually missing:
KRB5SUPPORT=0;NTLMv1SUPPORT=0
While the KRB5SUPPORT option may be omitted, it is essential that NTLMv1SUPPORT=0, as Samba 4 defaults to NTLMv2 otherwise (unless specifically overridden in smb.conf).
comment:3 by , 6 years ago
Hi Lewis, assuming the above is in reference to use from Arcamapper and ntlmv1support is working correctly from the full Netdrive gui?
comment:4 by , 6 years ago
Yes, exactly.
I have to fight with ArcaMapper to get to an NTLMv1 share every time, and that's the reason why.
comment:5 by , 5 years ago
Resolution: | → completed |
---|---|
Status: | new → closed |
This is now working as expected in the latest ArcaMapper builds.
Valid authentication options for the Samba 4 client plugin:
Support Kerberos5 Support Kerberos5 + Support encryption
or
Support NTLMv1
Further:
NTLMv1 cannot be used with encryption or KRB5. EA support is fine for all types of authentication and transports, as is the read-only option, and of course, creation of mountpoint, even when connection fails.
Incompatible options need to be greyed out when they conflict. So, when a connection has NTLMv1 set, KRB5 and encryption should be greyed. To make them available, NTLMv1 should be unchecked. Once either of the other two is checked, NTLMv1 should be greyed out.