Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
github at samba.org
github at samba.org
Mon Jan 18 11:15:14 UTC 2016
New comment by mcnewton on Samba Github repository
https://github.com/samba-team/samba/pull/45#issuecomment-172500780
Comment:
@abartlet - I updated FreeRADIUS last year to use libwbclient directly so no need to communicate ntlm_auth at all now (see https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_mschap/auth_wbclient.c#L123). So @qnet-herwin has added the WBC_MSV1_0_ALLOW_MSVCHAPV2 flag to the wbcCtxAuthenticateUserEx call there. It seems to work much faster than execing ntlm_auth each time. :-)
Could just do with an option to disable all of winbind's UID mapping/caching to remove another overhead, but haven't had time to look at this.
Aside from historical reasons and people using old software, the only reason for FreeRADIUS to use ntlm_auth now is for password changes (which uses the ntlm-change-password-1 mode), but this could also be able to be changed to use libwbclient as well at some point.
Cheers,
Matthew
More information about the samba-technical
mailing list