Oliver Poths
2007-Dec-11 11:13 UTC
[Samba] ntlm_auth only supports ntlmv1 and not ntlmv2 ?
Hello,

I set up a squid proxy that should authenticate users against a samba PDC using winbind.
It works fine as long as I allow ntlmv1:
on the PDC:
    ntlm auth = yes
    lanman auth = no
    client ntlmv2 auth = yes

If I restrict the domain's authentication method to ntlmv2 - that's what I want - with these settings:

    ntlm auth = no
    lanman auth = no
    client ntlmv2 auth = yes

I get this error in the logs:
    ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user willi
    [2007/11/19 19:41:09, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
    ntlm_password_check: NEITHER LanMan nor NT password supplied for user willi

The proxy denies access of course.

So is this a limitation of ntlm_auth?
Is it somehow possible to get ntlmv2 working?
The version used is the winbind package from Debian etch, 3.0.24-6etch8.

Best wishes,
Oliver
--
LinSoft GmbH
Feldstraße 20
65326 Aarbergen
http://www.linsoft.de
Professional Linux Systems and Services
Registered office: Feldstraße 20, 65326 Aarbergen
Managing director: Oliver Poths
Register court: Wiesbaden HRB 16647
Andrew Bartlett
2007-Dec-12 01:49 UTC
[Samba] ntlm_auth only supports ntlmv1 and not ntlmv2 ?
On Tue, 2007-12-11 at 11:02 +0100, Oliver Poths wrote:
> Hello,
>
> i set up a squid proxy that should authenticate users against a samba PDC using winbind.
> It works fine as long i allow ntlmv1:
> on the PDC:
> ntlm auth = yes
> lanman auth = no
> client ntlmv2 auth = yes
>
>
> If i restrict the domains authentication method to ntlmv2 - that's what i want - with these settings:
>
> ntlm auth = no
> lanman auth = no
> client ntlmv2 auth = yes
>
> i get this error in the logs:
> ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user willi
> [2007/11/19 19:41:09, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
> ntlm_password_check: NEITHER LanMan nor NT password supplied for user willi
>
> The proxy denies access of course.
>
> So is this a limitation of ntlm_auth ?
> Is it somehow possible to get ntlmv2 working ?
> The used Version is winbind package from debian etch 3.0.24-6etch8.

ntlm_auth, squid and winbind are all proxies in this game. The client is
in fact the workstation where the request originates, and this must be
forced to send NTLMv2 only.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
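
An added example, not part of the thread and not Samba or squid code: since the workstation decides which response it sends, an administrator can check which clients still send NTLMv1 before setting "ntlm auth = no" by classifying the NT response in the NTLM AUTHENTICATE (type 3) token. It assumes the token is the base64 value of a captured "Proxy-Authorization: NTLM ..." header; the function names and the sample messages are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001

def _field(msg, pos):
    """Read a (Len, MaxLen, Offset) descriptor at pos and return its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def classify_authenticate(b64_token):
    """Return (user, kind) for a base64 NTLM AUTHENTICATE (type 3) token."""
    msg = base64.b64decode(b64_token, validate=True)
    if len(msg) < 64 or msg[:8] != NTLMSSP_SIG:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE message")
    nt_resp = _field(msg, 20)                      # NtChallengeResponse
    flags = struct.unpack_from("<I", msg, 60)[0]   # NegotiateFlags
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    user = _field(msg, 36).decode(enc, "replace")  # UserName
    if len(nt_resp) == 24:
        return user, "NTLMv1"   # also covers NTLMv1 with extended session security
    if len(nt_resp) > 24 and nt_resp[16:18] == b"\x01\x01":
        return user, "NTLMv2"   # 16-byte proof, then blob with RespType=1, HiRespType=1
    return user, "none" if not nt_resp else "unknown"

def build_sample(user, nt_resp, lm_resp=b"\x00" * 24):
    """Constructed input: minimal type 3 message without domain, workstation or key."""
    parts = [lm_resp, nt_resp, b"", user.encode("utf-16-le"), b"", b""]
    header, offset = b"", 64
    for part in parts:
        header += struct.pack("<HHI", len(part), len(part), offset)
        offset += len(part)
    msg = NTLMSSP_SIG + struct.pack("<I", 3) + header + struct.pack("<I", NEGOTIATE_UNICODE)
    return base64.b64encode(msg + b"".join(parts)).decode()

if __name__ == "__main__":
    v1 = build_sample("willi", b"\x11" * 24)
    v2 = build_sample("willi", b"\x22" * 16 + b"\x01\x01" + b"\x00" * 30)
    for token in (v1, v2):
        print(classify_authenticate(token))
```

The LM response field is ignored on purpose: an LMv2 response is also 24 bytes long, so only the NT response length and blob header distinguish the two versions.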