Displaying 5 results from an estimated 5 matches for "mschap2".
Did you mean:
mschap
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
...n't work
(got simple "nt_status_wrong_password")
but: 4.7.6 AD and 4.7.1 samba + freeradius works just fine. It's clearly
visible in logs.
While using "ntlm auth = yes" I was getting in audit log
Authentication_passwordType = NTLMv1, but with ntlm auth =
ntlmv2-and-mschap2-only audit log shows Authentication_passwordType as
"MSCHAP2"
Not sure what's the case, maybe only starting with samba 4.7 ntlm_auth
can send correct flag?
Hope that helps.
W dniu 26.03.2018 o 22:16, Jonathan Hunter via samba pisze:
> On 26 March 2018 at 14:31, Kacper Wirski...
2018 Mar 26
2
freeradius + NTLM + samba AD 4.5.x
...athan Hunter via samba pisze:
> On 26 March 2018 at 21:38, Kacper Wirski via samba <samba at lists.samba.org>
> wrote:
>
>> While using "ntlm auth = yes" I was getting in audit log
>> Authentication_passwordType = NTLMv1, but with ntlm auth =
>> ntlmv2-and-mschap2-only audit log shows Authentication_passwordType as
>> "MSCHAP2"
>>
>> Thanks.
> (FYI - the correct parameter is 'mschapv2-and-ntlmv2-only' :) )
>
> With ntlm-auth set to this, I get '[NTLMv1] status
> [NT_STATUS_WRONG_PASSWORD]'.
>
> Se...
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending
mail, and in samba 4.7 there are new options available for "ntlm auth",
as stated in docs:
|mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool).
So that is is I suppose that special "flag" that is used by
2007 Apr 26
1
ntlm_auth to AD with only ntlmv2 enabled failing
...rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for stevens3 with NT-Password
radius_xlat: Running registered xlat function of module mschap for string
'Challenge'
mschap2: f0
radius_xlat: Running registered xlat function of module mschap for string
'NT-Response'
radius_xlat: '/usr/bin/ntlm_auth -debug=10 --logfile=/tmp
--request-nt-key --domain=adtest --username=stevens3
--challenge=3316410b7682eede
--nt-response=b929ed540a9705a79165ae8bc8b11f3c039f3a81...
2005 Nov 21
0
Re: 802.1x machine authentication patch help
...> rlm_mschap: Told to do MS-CHAPv2 for host/IS--000031176 with
> NT-Password
> radius_xlat: Running registered xlat function of module mschap for
> string 'User-Name'
> radius_xlat: Running registered xlat function of module mschap for
> string 'Challenge'
> mschap2: d3
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Response'
> radius_xlat: '/usr/bin/ntlm_auth --domain= --request-nt-key
> --username=host/IS--000031176 --challenge=12345ce0768615e
> --nt-response=123456f1011a2f799b5d62e04ba...