[Samba] ntlm_auth only supports ntlmv1 and not ntlmv2 ?

Andrew Bartlett abartlet at samba.org
Wed Dec 12 01:49:28 GMT 2007

On Tue, 2007-12-11 at 11:02 +0100, Oliver Poths wrote:
> Hello,
> i set up a squid proxy that should authenticate users against a samba PDC using winbind.
> It works fine as long i allow ntlmv1:
> on the PDC:
>   ntlm auth          = yes
>   lanman auth        = no
>   client ntlmv2 auth = yes
> If i restrict the domains authentication method to ntlmv2 - that's what i want - with these settings:
>   ntlm auth          = no
>   lanman auth        = no
>   client ntlmv2 auth = yes
> i get this error in the logs:
>   ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user willi
>   [2007/11/19 19:41:09, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
>     ntlm_password_check: NEITHER LanMan nor NT password supplied for user willi
> The proxy denies access of course.
> So is this a limitation of ntlm_auth ?
> Is it somehow possible to get ntlmv2 working ?
> The used Version is winbind package from debian etch 3.0.24-6etch8.

ntlm_auth, squid and winbind are all proxies in this game.  The client
is in fact the workstation where the request originates, and this must
be forced to send NTLMv2 only.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20071212/7edc7465/attachment.bin

More information about the samba mailing list