[Samba] ntlm_auth and PEAP machine authentication
abartlet at samba.org
Sun Nov 20 22:28:02 GMT 2005
On Sun, 2005-11-20 at 17:22 +0100, Norbert Wegener wrote:
> Andrew Bartlett wrote:
> >On Sat, 2005-11-19 at 17:18 +0100, Norbert Wegener wrote:
> >>the question is discussed, whether ntlm_auth can be used for machine
> >>authentication against a Win2003/AD.
> >>and the conclusion seems to be, that it is not really clear:
> >>Which credentials do I have to supply to ntlm_auth to make it work?
> >>Googling around I found something like:
> >You need Samba 3.0.21rc1 on your Samba server.
> >Andrew Bartlett
> I have installed that version right now, but I still get Logon failure
> (0xc000006d), when trying to authenticate a machine.(user authentication
> works fine)
> What I do is:
> /usr/local/samba/bin/ntlm_auth --request-nt-key
> --domain=TDE002.MYDOMAIN.NET --username=LNXAD$ --challenge=010203040
> 5060708 --nt-response=0102030405060708090A0B0C0D0E0F101112131415161718,
> As I do not know, how to determin a valid challenge and response, I took
> those values from postings, I found.
The challenge is random, typically generated by PPPd/freeradius or
whatever program you wish to authenticate as a machine. The response is
the NTLM response.
> Is this the reason for that behaviour? If so, how do I get valid values
> for challenge and response? if not: What am I doing wrong?
Follow the howtos on the subject. These particular challenge/response
values are (if you look closely) just an example (1, 2, 3, 4...),
because folks didn't want to put real password-derived values on the
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051121/41a19afa/attachment.bin
More information about the samba