[Samba] ntlm_auth and PEAP machine authentication

Andrew Bartlett abartlet at samba.org
Thu Oct 6 09:09:15 GMT 2005


On Wed, 2005-10-05 at 22:12 -0400, Matthew Alexander wrote:
> Mike McCauley of OSC/Radiator provided me with this "quick and dirty fix":
> 
> in samba/source/rpc_client/cli_netlogon.c,
> cli_netlogon_sam_network_logon() function
> the param_ctrl flags passed to init_id_info2() are always set to 0 but
> should be set to 0x800 (MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)
> to enable machine authentication.
> 
> Although kind of a shortcut, it works great if you need machine auth.  Maybe 
> it can help someone else?

Ooh, that's a gem!  Now I have a dozen more flags to add to my SAMLOGON
torture test :-)

This also looks like it might assist in implementing other behaviours.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051006/0d521d11/attachment.bin


More information about the samba-technical mailing list