samba - Oct 2005 - ntlm_auth and PEAP machine authentication

I am trying to use ntlm_auth for machine authentication requests against a
Win2003/AD from my RADIUS server.  Normal, user authentication works fine, but
not machine authentication.  The username passed from RADIUS to ntlm-auth looks
like host/pcname123.  I'm wondering if the "/" is killing it?  The
ntlm_auth man page says that it expects only Samba's unix charset.

Does anyone have any ideas about how I can accomplish this?  Thanks.

On Sun, 2005-10-02 at 11:25 -0400, Matthew Alexander
wrote:
> I am trying to use ntlm_auth for machine authentication requests
> against a Win2003/AD from my RADIUS server.  Normal, user 
> authentication works fine, but not machine authentication.  
> The username passed from RADIUS to ntlm-auth looks like host/pcname123.  
> I'm wondering if the "/" is killing it?  The ntlm_auth man
page says
> that it expects only Samba's unix charset.  
> 
> Does anyone have any ideas about how I can accomplish this?  Thanks.
Machine accounts are a problem because historically, they were not
permitted to login with NTLMSSP.  This appears to have changed, but
there must be some flag that windows domain members set, to change this
behaviour.  I don't know what this is at this stage, so I either need to
see this done to a windows DC, by a windows VPN server (with a system
policy of 'secure channel: sign'), or try random things till it works...

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20051003/6b6fb3a1/attachment.bin