[Samba] NTLM auth, better on a DC or on a DM?

Rowland Penny rpenny at samba.org
Mon Sep 10 14:53:56 UTC 2018


On Mon, 10 Sep 2018 10:05:32 -0400
Gaiseric Vandal via samba <samba at lists.samba.org> wrote:

> Would squid and freeradius support LDAP authentication with AD ?   I 
> don't know if you are using NTLM or NTLMv2.
> 

Yes, they both support ldap authentication, this is why, even though by
default NTLMv1 is now turned off, there is an option to turn it on for
this very reason: mschapv2-and-ntlmv2-only

Reading the man page has this:

mschapv2-and-ntlmv2-only - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the ntlm_auth
tool).

Rowland




More information about the samba mailing list