Displaying 8 results from an estimated 8 matches for "6s4bbs3".
2023 Apr 03
1
ntlm_auth and freeradius
...nbindd_privileged/
# ntlm_auth --username=tim.odriscoll
Password:
: (0x0)
Samba's config has this on the member (FR) server and all the DCs:
ntlm auth = mschapv2-and-ntlmv2-only
But I'm getting this back from FreeRADIUS:
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: Client is using MS-CHAPv2
(7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --allow-mschapv2 --domain=lambrook --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
(7) mschap: EXPAND --username=%{mschap:User-...
2023 Apr 03
2
Fwd: ntlm_auth and freeradius
...: (0x0)
You already did the thing I asked below...
> Samba's config has this on the member (FR) server and all the DCs:
> ntlm auth = mschapv2-and-ntlmv2-only
>
> But I'm getting this back from FreeRADIUS:
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: Client is using MS-CHAPv2
> (7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --allow-mschapv2 --domain=lambrook --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
> (7) mschap: EXPAND --username...
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
...were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth.
Unfortunately it's still erroring out:
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: Client is using MS-CHAPv2
(7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --allow-mschapv2 --domain=MYDOMAIN --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
(7) mschap: EXPAND --username=%...
2023 Apr 03
2
ntlm_auth and freeradius
...ame=tim.odriscoll
> Password:
> : (0x0)
>
> Samba's config has this on the member (FR) server and all the DCs:
> ntlm auth = mschapv2-and-ntlmv2-only
>
> But I'm getting this back from FreeRADIUS:
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: Client is using MS-CHAPv2
> (7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --allow-mschapv2 --domain=lambrook --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
> (7) mschap: EXPAND --username...
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
> Unfortunately it's still erroring out:
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: Client is using MS-CHAPv2
Is this set as a UPN (with the realm appended) on the user?
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
2023 Apr 04
1
[EXTERNAL] Fwd: ntlm_auth and freeradius
...n wrote:
> Op 04-04-2023 om 00:32 schreef Andrew Bartlett:
>
> >
> > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
> >
> > > Unfortunately it's still erroring out:
> > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> > > (7) mschap: Client is using MS-CHAPv2
> >
> > Is this set as a UPN (with the realm appended) on the user?
> >
> In my environment (where samba + freeradius + wifi connect with
> machine account works), there is no UPN set on the machine accoun...
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
Unfortunately it's still erroring out:
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: Client is using MS-CHAPv2
> Is this set as a UPN (with the realm appended) on the user?
I don't see any UPN's in my AD record, only SPNs - unless I misunderstand you?
I've run the 'radtest' client with '-t mschap' and without as paramete...
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote:
> On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
>
>
>
>
> > Unfortunately it's still erroring out:
> > (7) mschap: Creating challenge hash with username: host/SL-
> > 6S4BBS3.MYDOMAIN.co.uk
> > (7) mschap: Client is using MS-CHAPv2
>
>
>
> > Is this set as a UPN (with the realm appended) on the user?
>
>
>
>
> I don't see any UPN's in my AD record, only SPNs - unless I
> misunderstand you?
>
>
>
>
>...