[Samba] [EXTERNAL] Fwd: ntlm_auth and freeradius
Kees van Vloten
keesvanvloten at gmail.com
Tue Apr 4 07:37:26 UTC 2023
Op 04-04-2023 om 00:32 schreef Andrew Bartlett:
> On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
>> Unfortunately it's still erroring out:
>> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
>> (7) mschap: Client is using MS-CHAPv2
>
> Is this set as a UPN (with the realm appended) on the user?
>
In my environment (where samba + freeradius + wifi connect with machine
account works), there is no UPN set on the machine account, just a set
of SPNs:
servicePrincipalName: HOST/myhost.example.com
servicePrincipalName: RestrictedKrbHost/myhost.example.com
servicePrincipalName: HOST/MYHOST
servicePrincipalName: RestrictedKrbHost/BARTOK
servicePrincipalName: WSMAN/myhost.example.com
servicePrincipalName: WSMAN/myhost
servicePrincipalName: TERMSRV/myhost.example.com
servicePrincipalName: TERMSRV/MYHOST
One of which does match with the username in Tim's output, btw. I have
seen exactly the same username format while I was setting this up around
a month ago.
- Kees.
> --
> Andrew Bartlett (he/him)https://samba.org/~abartlet/
> Samba Team Member (since 2001)https://samba.org
> Samba Developer, Catalyst IThttps://catalyst.net.nz/services/samba
>
More information about the samba
mailing list