Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth

github at github at
Mon Jan 18 11:15:14 UTC 2016

New comment by mcnewton on Samba Github repository
@abartlet - I updated FreeRADIUS last year to use libwbclient directly so no need to communicate ntlm_auth at all now (see So @qnet-herwin has added the WBC_MSV1_0_ALLOW_MSVCHAPV2 flag to the wbcCtxAuthenticateUserEx call there. It seems to work much faster than execing ntlm_auth each time. :-)

Could just do with an option to disable all of winbind's UID mapping/caching to remove another overhead, but haven't had time to look at this.

Aside from historical reasons and people using old software, the only reason for FreeRADIUS to use ntlm_auth now is for password changes (which uses the ntlm-change-password-1 mode), but this could also be able to be changed to use libwbclient as well at some point.


More information about the samba-technical mailing list