[Samba] freeradius + NTLM + samba AD 4.5.x
Jonathan Hunter
jmhunter1 at gmail.com
Mon Mar 26 21:09:23 UTC 2018
On 26 March 2018 at 21:38, Kacper Wirski via samba <samba at lists.samba.org>
wrote:
>
> While using "ntlm auth = yes" I was getting in audit log
> Authentication_passwordType = NTLMv1, but with ntlm auth =
> ntlmv2-and-mschap2-only audit log shows Authentication_passwordType as
> "MSCHAP2"
>
> Thanks.
(FYI - the correct parameter is 'mschapv2-and-ntlmv2-only' :) )
With ntlm-auth set to this, I get '[NTLMv1] status
[NT_STATUS_WRONG_PASSWORD]'.
Setting back to 'ntlm-auth=yes' in smb.conf, I get '[NTLMv1] status
[NT_STATUS_OK]' and things work again.
Adding 'ntlm-auth=yes' to a newly included (via 'include = smb.conf.%I')
file called "smb.conf.127.0.0.1" doesn't help me, since ntlm-auth talks to
winbindd as far as I can see, and therefore that new config file is never
used.
Kacper - what do you have in your freeradius config, in terms of your
ntlm_auth command line?
Cheers
Jonathan
--
"If we knew what it was we were doing, it would not be called research,
would it?"
- Albert Einstein
More information about the samba
mailing list