[Samba] PPP + ntlm_auth
Luis Daniel Lucio Quiroz
dlucio at okay.com.mx
Thu Nov 30 21:45:45 GMT 2006
CHAP and any other variant won't work because the password does not fly across
the internet; CHAP uses a hash to one-way crypt the password and sends that to the server.
Because the server has a hash also (not the same algorithm) it fails. If you want to
use CHAP you must use clear text passwords on the server (no hashes), but it's a
security issue.
On Tuesday 28 November 2006 15:52, Sebastien wrote:
> Hello,
>
> I'm trying to authenticate PPP (in fact l2tp...) users with Active
> Directory (windows server 2003 DCs, mixed-mode domain) using winbind /
> ntlm_auth. I'm using Samba 3.0.22, PPP 2.4.3, Kerberos 1.3.6, with
> Trustix 2.2
>
> What works :
> - krb5kinit (and krb5klist -e)
> - net ads join
> - wbinfo -u, wbinfo -g, wbinfo -a user%pwd, wbinfo -p, wbinfo -t and
> wbinfo -m
> - getent passwd and getent group
> - ntlm_auth --username=user --domain=domain.x.y
> - ntlm_auth --username=user --domain=domain.x.y --request-lm-key
> - ntlm_auth --username=user --domain=domain.x.y --request-nt-key
> - authentication through ppp (mschap-v2 with chap-secrets)
>
> What is not working :
> - ntlm_auth --username=user --domain=domain.x.y --diagnostics (and every
> other variation...)
> - authentication through ppp (mschap-v2 with winbind plugin)
>
> I verified the paths to ntlm_auth in the options.l2tpd file, and it's
> ok. In the logs, it only says that the host failed CHAP authentication.
> The error code for ntlm_auth is 6A (wrong password)
>
> Does anyone have an idea?
> Thanks in advance!
>
> Sebastien
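
The hash mismatch described in the reply, shown for plain CHAP with MD5 (RFC 1994) only, as an added example that is not part of the original thread. The password, identifier and the SHA-256 stored hash are constructed stand-ins, not values from the poster's setup.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier: int, stored_secret: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """The authenticator recomputes the response from whatever it has stored."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    password = b"S3cret-constructed"   # constructed sample password
    identifier = 0x2A                  # constructed CHAP Identifier octet
    challenge = os.urandom(16)         # fresh challenge sent by the server

    # Peer side: only the 16-byte response crosses the link, never the password.
    response = chap_response(identifier, password, challenge)

    # Server A keeps the cleartext secret (chap-secrets style): it can recompute.
    cleartext_ok = server_verify(identifier, password, challenge, response)

    # Server B keeps only a one-way hash of the password. SHA-256 is a stand-in
    # (assumption) for whatever hash the account store really holds.
    stored_hash = hashlib.sha256(password).digest()
    hash_only_ok = server_verify(identifier, stored_hash, challenge, response)

    return cleartext_ok, hash_only_ok


if __name__ == "__main__":
    cleartext_ok, hash_only_ok = demo()
    print("server with cleartext secret :", "accept" if cleartext_ok else "reject")
    print("server with hashed password  :", "accept" if hash_only_ok else "reject")
```

The hash-only server rejects a correct password because it cannot reproduce the MD5 input the peer used, which is the same "failed CHAP authentication" outcome the log reports without saying why.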