[Samba] ntlm_auth doesn't work with machine accounts

gemelli gemelli at utanet.at
Fri Apr 29 16:48:51 GMT 2005


Hello all,

I'd like to run a Wireless LAN with Windows XP Clients, FreeRADIUS,
Samba and Windows Server 2003 Active Directory. For user authentication
FreeRADIUS uses the Samba ntlm_auth tool in order to identify users from
Active Directory. Thereby, the ntlm_auth tool is used as shown below:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

This works well with username attributes. When username attributes are
available the format is like this: --username=DOMAIN\\User

But the problem is that when a user on a client machine wants to log on to
Windows, the client uses machine credentials for authentication in the
first step. If the machine authentication was successful then username
and password will be verified.

The Windows client hands over the machine attributes to ntlm_auth so the
username format is like this: --username=host/hostname.domain.org

But in my opinion the ntlm_auth tool doesn't understand this format. So,
does anybody know how I can get this to work with machine accounts?

I would be very grateful if anybody can help me to solve this problem.

Best regards

Peter
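
The two username formats described in the message above, split into separate ntlm_auth arguments; this is an added example, not part of the original post and not Samba or FreeRADIUS code. It assumes the computer's directory account is the short host name followed by `$` and that the NT domain equals the first DNS label, and the function names are hypothetical.

```python
import re

# Conservative whitelist: identities come from the network, so anything
# outside these sets is rejected instead of being passed to the helper.
_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")
_HEX = re.compile(r"^[0-9A-Fa-f]+$")


def split_identity(user_name):
    """Return (domain, account) for DOMAIN\\User, host/fqdn or a bare name."""
    if user_name.lower().startswith("host/"):
        host, _, dns_domain = user_name[5:].partition(".")
        # Assumption: machine account = short host name + "$",
        # NT domain = first DNS label in upper case.
        domain = dns_domain.split(".")[0].upper()
        account, checked = host + "$", host
    elif "\\" in user_name:
        domain, _, account = user_name.partition("\\")
        checked = account
    else:
        domain, account, checked = "", user_name, user_name
    if not _NAME.match(checked) or (domain and not _NAME.match(domain)):
        raise ValueError("unexpected characters in identity")
    return domain, account


def build_ntlm_auth_argv(user_name, challenge_hex, nt_response_hex):
    """Build an argument vector (no shell involved) for ntlm_auth."""
    domain, account = split_identity(user_name)
    for value in (challenge_hex, nt_response_hex):
        if not _HEX.match(value):
            raise ValueError("challenge and response must be hex strings")
    argv = ["/usr/bin/ntlm_auth", "--request-nt-key", "--username=" + account]
    if domain:
        argv.append("--domain=" + domain)
    argv.append("--challenge=" + challenge_hex)
    argv.append("--nt-response=" + nt_response_hex)
    return argv


if __name__ == "__main__":
    # Constructed sample values, not captured from a real exchange.
    for name in ("DOMAIN\\User", "host/hostname.domain.org"):
        print(build_ntlm_auth_argv(name, "0011223344556677", "ab" * 24))
```
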


