IBM Support

IBM AIX: smbc.rte Kerberos authentication requirement

Question & Answer


Question

Does the AIX® SMB 2 and SMB 3 client support authentication methods other than Kerberos?

Answer

The AIX SMB 2 and SMB 3 clients are designed to support only Kerberos. Both NTLMv1 and NTLMv2 have security flaws that can compromise shares, accounts, and systems, whereas Kerberos does not. Furthermore, Microsoft encourages their clients to move from NTLM to Kerberos.
By default, Active Directory environments support Kerberos. Local Windows users that are not part of an Active Directory domain cannot be used.
Some environments, such as Samba on Linux®, are often configured to support only NTLM. If Kerberos support in such environments is not feasible, use NFS as an alternative.
To configure Kerberos on AIX, you must have this information.
  • The Kerberos server name (in an Active Directory environment, this is the Active Directory server name)
  • The Kerberos realm name (in an Active Directory environment, this is the Active Directory domain name)
  • The DNS domain name of the Kerberos server
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation
in the United States, other countries, or both.
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation,
the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

SUPPORT:

If the instructions in this document do not lead to resolution of the problem, follow these instructions to open a case.  The product must be under warranty or have an active and valid support contract.

a.  Document or take screen captures of all symptoms, errors, or messages.

b.  Capture any logs or data relevant to the issue.

c.  Contact IBM® to open a case.

   -For electronic support, visit the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, visit this web page:
      https://www.ibm.com/planetwide/

d.  Provide a detailed description of the issue and reference this technote.

e.  Upload all of the details and data to the case.

   -You can attach files to the case in the IBM Support Community, or
   -Upload data to IBM test case server analysis at this URL:

    http://www.ibm.com/support/docview.wss?uid=ibm10733581

f.  Click here to submit feedback for this document.

[{"Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvx1AAA","label":"Communication Applications-\u003ECIFS\/SMB"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
20 September 2024

UID

ibm16327423

Page Feedback