[Samba] Re: PPP + ntlm_auth

Leclerc Sébastien sebleclerc at globetrotter.net
Thu Dec 28 17:01:32 GMT 2006


Hi,
I resolved my problem by using radius, but I think ntlm_auth was running
as root (called by ppp ???).  I verified the access to the privileged
pipe, and it was accessible to root (quite normal, as far as I know...)

Thanks for your help
-------------- next part --------------
On Thu, 2006-11-30 at 19:17 -0500, Sebastien wrote:
> Luis Daniel Lucio Quiroz a ?crit :
> > CHAP and any other varian wont work because password does not fly accross 
> > internet, CHAP use a hash to crypt one way password and sends that to server.  
> > Because server have a hash also (no same algorithm) it fails.  If you want to 
> > use chap you must use clear text passwords on server (no hashes) but its a 
> > securrity issue
> 
> Thanks for your response Luis!
> At least, now I'm aware that there's no solution!

(just a late correction for the archives...)

Indeed, for the original CHAP there isn't a solution, but for MSCHAP,
this is meant to work, that is the point of the plugin (the AD server
holds the magic values, the hashes, required).  What user are you
running ntlm_auth as?  Can it access the winbindd privilaged pipe?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com


More information about the samba mailing list