search for: authentication_passwordtyp

...server. Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work (got simple "nt_status_wrong_password") but: 4.7.6 AD and 4.7.1 samba + freeradius works just fine. It's clearly visible in logs. While using "ntlm auth = yes" I was getting in audit log Authentication_passwordType = NTLMv1, but with ntlm auth = ntlmv2-and-mschap2-only audit log shows Authentication_passwordType as "MSCHAP2" Not sure what's the case, maybe only starting with samba 4.7 ntlm_auth can send correct flag? Hope that helps. W dniu 26.03.2018 o 22:16, Jonathan Hunter via samba p...

...so uses ntlm_auth in the end? Regards, Kacper W dniu 26.03.2018 o 23:09, Jonathan Hunter via samba pisze: > On 26 March 2018 at 21:38, Kacper Wirski via samba <samba at lists.samba.org> > wrote: > >> While using "ntlm auth = yes" I was getting in audit log >> Authentication_passwordType = NTLMv1, but with ntlm auth = >> ntlmv2-and-mschap2-only audit log shows Authentication_passwordType as >> "MSCHAP2" >> >> Thanks. > (FYI - the correct parameter is 'mschapv2-and-ntlmv2-only' :) ) > > With ntlm-auth set to this, I get '[NTLMv...

Also I just facepalmed, as I double checked smb.conf right after sending mail, and in samba 4.7 there are new options available for "ntlm auth", as stated in docs: |mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool). So that is is I suppose that special "flag" that is used by