[Samba] Re: PPP + ntlm_auth

Andrew Bartlett abartlet at samba.org
Wed Dec 27 03:50:19 GMT 2006


On Thu, 2006-11-30 at 19:17 -0500, Sebastien wrote:
> Luis Daniel Lucio Quiroz a écrit :
> > CHAP and any other varian wont work because password does not fly accross 
> > internet, CHAP use a hash to crypt one way password and sends that to server.  
> > Because server have a hash also (no same algorithm) it fails.  If you want to 
> > use chap you must use clear text passwords on server (no hashes) but its a 
> > securrity issue
> 
> Thanks for your response Luis!
> At least, now I'm aware that there's no solution!

(just a late correction for the archives...)

Indeed, for the original CHAP there isn't a solution, but for MSCHAP,
this is meant to work, that is the point of the plugin (the AD server
holds the magic values, the hashes, required).  What user are you
running ntlm_auth as?  Can it access the winbindd privilaged pipe?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20061227/9a6c3702/attachment.bin


More information about the samba mailing list