[Samba] Re: ntlm_auth
Kai Blin
kai at samba.org
Tue Mar 18 14:31:59 GMT 2008
Dean, Barry <B.Dean <at> liverpool.ac.uk> writes:
> Now when I test "ntlm_auth" I get the following odd goings on:
>
> Scenario A: Works
>
> Type: ntlm_auth --username=USER --password=PASSWORD --domain=DOMAIN
> Result: NT_STATUS_OK: Success (0x0)
>
> Scenario B: FAILS
>
> Type: ntlm_auth --username=USER --domain=DOMAIN
> password: <PASSWORD>
>
> Result: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
>
> What's different about the password handling between A and B?
That's a good question. I'm currently looking into that.
> The upshot is that the command issued by FreeRADIUS:
>
> ntlm_auth = "/usr/sfw/bin/ntlm_auth --request-nt-key --username=
> %{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00}
-- nt-response=%{mschap:NT-Response:-00}"
>
> the %{} bits become a basic domain free user name, eg "user", and some long
Hex strings...
>
> Also fails.
That's a completely different ntlm_auth mode. I'll check that as well, though.
> So my MSCHAPv2 auth is now broken.
What version of Samba is this again?
Cheers,
Kai
--
Kai Blin
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
--
Will code for cotton.
More information about the samba
mailing list