[Samba] ntlm_auth and PEAP machine authentication

Andrew Bartlett abartlet at samba.org
Sun Nov 20 22:28:02 GMT 2005

On Sun, 2005-11-20 at 17:22 +0100, Norbert Wegener wrote:
> Andrew Bartlett wrote:
> >On Sat, 2005-11-19 at 17:18 +0100, Norbert Wegener wrote: 
> >  
> >
> >>At
> >>http://groups.google.de/group/mailing.unix.samba/browse_frm/thread/3806dd92303380d1/10f21511e488d8d0?lnk=st&q=ntlm_auth++%22machine+authentication%22&rnum=1&hl=de#10f21511e488d8d0
> >>the question is discussed, whether ntlm_auth can be used for machine 
> >>authentication against a Win2003/AD.
> >>and the conclusion seems to be, that it is not really clear:
> >>    
> >>
> >
> >  
> >
> >>Which credentials do I have to supply to ntlm_auth to make it work?
> >>Googling around I found something like:
> >>    
> >>
> >
> >You need Samba 3.0.21rc1 on your Samba server.
> >
> >Andrew Bartlett
> >  
> >
> I have installed that version right now, but I still get Logon failure 
> (0xc000006d), when trying to authenticate a machine.(user authentication 
> works fine)
>  What I do is:
> /usr/local/samba/bin/ntlm_auth --request-nt-key 
> --domain=TDE002.MYDOMAIN.NET --username=LNXAD$ --challenge=010203040
> 5060708 --nt-response=0102030405060708090A0B0C0D0E0F101112131415161718,
> As I do not know, how to determin a valid challenge and response, I took 
> those values from postings, I found.

The challenge is random, typically generated by PPPd/freeradius or
whatever program you wish to authenticate as a machine.  The response is
the NTLM response.  

> Is this the  reason for that behaviour? If so, how do I get valid values 
> for challenge and response? if not: What am I doing wrong?

Follow the howtos on the subject.  These particular challenge/response
values are (if you look closely) just an example (1, 2, 3, 4...),
because folks didn't want to put real password-derived values on the

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051121/41a19afa/attachment.bin

More information about the samba mailing list