[Samba] Using ntlm_auth to authneticate to an NTLMv2 AD
Andrew Bartlett
abartlet at samba.org
Fri Mar 10 06:55:52 GMT 2006
On Thu, 2006-03-09 at 16:48 +0000, Alex Sharaz wrote:
> Chaps,
>
> I'm trying to get a radius server to authenticate to AD via the samba
> ntlm_auth program.
> If we turn down the AD auth to use ntlm then authentication works o.k.
The problem is that MSCHAPv2 is cryptographically equivalent to NTLM,
not NTLMv2 at the DC end. I suspect there is a flag we need to send to
the DC, to make it ignore it's own policy here.
Any help chasing this down gratefully appreciated: Mostly I need to see
how an MS RADIUS server would achieve the same results, but with 'secure
channel: require signing' set, rather than sealing (it is a local/domain
policy). (This will allow the collection of an ethereal trace between
the RADIUS server and the DC).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060310/4a4f90cf/attachment.bin
More information about the samba
mailing list