Hi all, I'm trying to use ntlm_auth as authenticator of the freeradius mschap module. If I use ntlm_auth from command line with username and password, authentication works. If I use the same credentials with mschap on the logs I can see the challenge and nt-response and I can't understand if authentication fails because challenge and response are wrong or because ntlm_auth can't authenticate for a winbind/samba configuration problem. Finally the question: how can I get valid challenge and nt-response strings to pass to ntlm_auth to see if ntlm auth works using challenge and nt-response options? Can you please tell me some trick to debug the problem? Piviul
L.P.H. van Belle
2020-Jul-09 06:46 UTC
[Samba] ntlm_auth how to get challenge and nt-response
Hai Piviul, Have you seen this? https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Piviul via samba > Verzonden: woensdag 8 juli 2020 15:48 > Aan: samba at lists.samba.org > Onderwerp: [Samba] ntlm_auth how to get challenge and nt-response > > Hi all, I'm trying to use ntlm_auth as authenticator of the > freeradius > mschap module. If I use ntlm_auth from command line with username and > password, authentication works. If I use the same credentials with > mschap on the logs I can see the challenge and nt-response > and I can't > understand if authentication fails because challenge and response are > wrong or because ntlm_auth can't authenticate for a winbind/samba > configuration problem. > > Finally the question: how can I get valid challenge and nt-response > strings to pass to ntlm_auth to see if ntlm auth works using > challenge > and nt-response options? > > Can you please tell me some trick to debug the problem? > > Piviul > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
L.P.H. van Belle via samba ha scritto il 09/07/20 alle 08:46:> Hai Piviul, > > Have you seen this? > https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directoryyes, thank you very much. I think the problem is tied to the lack of ntlm auth = mschapv2-and-ntlmv2-only in the smb.conf of the DC. I can't modify the DC... there is another way to configure freeradius to authenticate to AD users? Piviul
L.P.H. van Belle
2020-Jul-09 10:09 UTC
[Samba] ntlm_auth how to get challenge and nt-response
Hai, Yes, with Ldap auth or Kerberos auth it should also be possible. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Piviul via samba > Verzonden: donderdag 9 juli 2020 11:50 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] ntlm_auth how to get challenge and nt-response > > L.P.H. van Belle via samba ha scritto il 09/07/20 alle 08:46: > > Hai Piviul, > > > > Have you seen this? > > > https://wiki.samba.org/index.php/Authenticating_Freeradius_aga > inst_Active_Directory > yes, thank you very much. I think the problem is tied to the lack of > ntlm auth = mschapv2-and-ntlmv2-only in the smb.conf of the > DC. I can't > modify the DC... there is another way to configure freeradius to > authenticate to AD users? > > Piviul > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >