Disable strong auth samba

france · July 19, 2025, 3:00pm

NS8
Hello some time ago on neth7 , @mrmarkuz had indicated me a change to deactivate auth on smb and allow through pfsense the auth of users . To date it still works, I would like to implement it on samba in the NS8 server.
[global]
ldap server require strong auth = no ???

Running podman and entering dc1 it would be correct to execute this directive for what I asked:

echo 'ldap server require strong auth = no' >> /etc/samba/include.conf

I also ask if this compromises the current login of Windows and Linux clients or is it ignored?

mrmarkuz · July 19, 2025, 7:00pm

It’s still possible that way on the NS8 but it’s not the best for security, see https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC#SASL_over_TLS:_A_bad_idea

Here is the command to add the option to the include.conf in the samba-dc container:

To apply the change, samba-dc needs to be restarted, see AD LDAP binding error (strong authentification required) - #5 by etique57

france · July 20, 2025, 6:00am

thank you . I know th problem of security for this parameter…but now the auth running …

france · July 21, 2025, 5:11pm

I wanted ask you , if this modify without tls , not load and not controlling a certificate on the server correct ? the credentials for auth are processing in clear text ? thank

mrmarkuz · July 21, 2025, 7:30pm

It would be more secure to use certificates and to not disable strong authentication.

Yes, if the client wants an unencrypted connection. It’s still possible to use TLS encryption.