Microsoft is reducing dependencies on NTLM, kerberos is prefered.
Should be great to include Kerberos librairies to Clonezilla Live : packages "krb5-user" and "libsasl2-modules-gssapi-mit".
Best Regards.
Olivier
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for this suggestion. They are added in testing Clonezilla live, i..e, >= 3.2.2-10 or 20250604-*: https://clonezilla.org/downloads.php
Please test it and let us know the results.
Please also share how you use this if you can. Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Use:
We use Clonezilla to deploy our OS images, Linux and Windows. Clonezilla (vmlinux, initrd.img and filesystem.squashfs) is loaded by PXE (shimx – grubx to be compatible SecureBoot).
The imaging process is delegated on technical support on site, which can personalize the Linux OS and backup them. All OS Images are stored on a centralized NAS connected to Microsoft Active Directory.
All computers are present on a database and all OS images are listed on this database and can be attributed as a job to a computer. The next time the computer boot on network Clonezilla is loaded. We have a “ocs_prerun” script which queries the database to take the job and restore the selected image to the computer. The OS image is read from the NAS with a technical account.
The “ocs_prerun” script can run interactively without a programmed job. This feature is protected asking the technical support their personal Active Directory account. Once authenticated they can manually restore their OS Images.
Right now, the NAS is mounted with NTLMv2 authentication.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
Microsoft is reducing dependencies on NTLM, kerberos is prefered.
Should be great to include Kerberos librairies to Clonezilla Live : packages "krb5-user" and "libsasl2-modules-gssapi-mit".
Best Regards.
Olivier
Thanks for this suggestion. They are added in testing Clonezilla live, i..e, >= 3.2.2-10 or 20250604-*:
https://clonezilla.org/downloads.php
Please test it and let us know the results.
Please also share how you use this if you can. Thanks.
Thank you for taking the suggestion.
With Clonezilla 3.2.2-10 I can obtain a TGT with the command :
With this TGT I can obtain a TGS when I mount our NAS :</realm></username>
And finally I can remove every Kerbeors ticket:</mountpoint></smb>
kdestroy
Everything work fine
Thanks
Use:
We use Clonezilla to deploy our OS images, Linux and Windows. Clonezilla (vmlinux, initrd.img and filesystem.squashfs) is loaded by PXE (shimx – grubx to be compatible SecureBoot).
The imaging process is delegated on technical support on site, which can personalize the Linux OS and backup them. All OS Images are stored on a centralized NAS connected to Microsoft Active Directory.
All computers are present on a database and all OS images are listed on this database and can be attributed as a job to a computer. The next time the computer boot on network Clonezilla is loaded. We have a “ocs_prerun” script which queries the database to take the job and restore the selected image to the computer. The OS image is read from the NAS with a technical account.
The “ocs_prerun” script can run interactively without a programmed job. This feature is protected asking the technical support their personal Active Directory account. Once authenticated they can manually restore their OS Images.
Right now, the NAS is mounted with NTLMv2 authentication.
Great. Thanks for sharing that. It's nice to know you can make good use of the ocs_prerun mechanism.