[Samba] [EXTERNAL] Fwd: ntlm_auth and freeradius

Kees van Vloten keesvanvloten at gmail.com
Tue Apr 4 07:37:26 UTC 2023

Op 04-04-2023 om 00:32 schreef Andrew Bartlett:
> On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
>> Unfortunately it's still erroring out:
>> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
>> (7) mschap: Client is using MS-CHAPv2
> Is this set as a UPN (with the realm appended) on the user?
In my environment (where samba + freeradius + wifi connect with machine 
account works), there is no UPN set on the machine account, just a set 
of SPNs:

servicePrincipalName: HOST/myhost.example.com
servicePrincipalName: RestrictedKrbHost/myhost.example.com
servicePrincipalName: HOST/MYHOST
servicePrincipalName: RestrictedKrbHost/BARTOK
servicePrincipalName: WSMAN/myhost.example.com
servicePrincipalName: WSMAN/myhost
servicePrincipalName: TERMSRV/myhost.example.com
servicePrincipalName: TERMSRV/MYHOST

One of which does match with the username in Tim's output, btw. I have 
seen exactly the same username format while I was setting this up around 
a month ago.

- Kees.

> -- 
> Andrew Bartlett (he/him)https://samba.org/~abartlet/
> Samba Team Member (since 2001)https://samba.org
> Samba Developer, Catalyst IThttps://catalyst.net.nz/services/samba

More information about the samba mailing list