[Samba] MSCHAPv2 and NTLMv2

Andrew Bartlett abartlet at samba.org
Fri Mar 10 21:11:32 GMT 2006


On Fri, 2006-03-10 at 11:10 -0800, Raj Talwar wrote:
> Is it possible to use NTLMv2 with MSCHAPv2 (using ntlm_auth and winbindd). What do I need to put in the smb.conf to make this work. 

MSCHAPv2 is encryption compatible with NTLM, not NTLMv2.  (It simply
changes how the 8-byte LM challenge is prepared, and removes the LM
response).

The client cannot (while sending a valid MSCHAPv2 response) us the
NTLMv2 crypto.

However, if as I suspect the issue regards the policy settings which
appear to allow MSCHAPv2 from a windows RADIUS server, but not a Samba
ntlm_auth/winbind server, to a domain allowing only NTLMv2
authentication, then I remain stumped.  See my mail earlier today.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060311/97844a76/attachment.bin


More information about the samba mailing list