[Samba] Urgent Samba / Squid NTLM Auth Problems
abartlet at samba.org
Thu Nov 10 11:28:27 GMT 2005
On Thu, 2005-11-10 at 08:44 +0200, Dave Raven wrote:
> Hi again all,
> I have a few questions regarding NTLMv2. Do you have to be in a
> domain for NTLMv2 authentication to work (specifically through a program
> like squid). I found an article that says:
> "These computers will use Kerberos when they are communicating with Active
> Directory and the members of Active Directory. When these computers are in a
> workgroup, they will use NTLMv2."
> Also, when I am not in the same domain (or when I am) I see the following
> from ntlm_auth:
> Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid
> (length: 59).
> As far as I understand it that is NTLMv2 - or not? I also see
> Got NTLMSSP neg_flags=0xa2088207
> Which specifies NTLM2. Does that mean my negotiation is working properly?
No. NTLM2 (modified challenge, which is what the flag is for) and
NTLMv2 are different.
> The main problem is that I am getting a NT_STATUS_WRONG_PASSWORD always, and
> am trying to decipher why... It still happens when I'm in the domain.
> The way this all started happening was after turning 'Network security: LAN
> Manager authentication level' to be 'Send NTLMv2 response only/refuse LM &
Is this configured on your clients? Does it show up in the effective
Also, are you still getting len2=24 in current debug traces? This
indicates that NTLMv2 is not in use.
> [2005/11/09 22:21:04, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
> Got user=[ianb] domain=[MASTERMIND] workstation=[LUCY] len1=24 len2=24
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051110/ec36e029/attachment.bin
More information about the samba