search for: mschap2

...n't work (got simple "nt_status_wrong_password") but: 4.7.6 AD and 4.7.1 samba + freeradius works just fine. It's clearly visible in logs. While using "ntlm auth = yes" I was getting in audit log Authentication_passwordType = NTLMv1, but with ntlm auth = ntlmv2-and-mschap2-only audit log shows Authentication_passwordType as "MSCHAP2" Not sure what's the case, maybe only starting with samba 4.7 ntlm_auth can send correct flag? Hope that helps. W dniu 26.03.2018 o 22:16, Jonathan Hunter via samba pisze: > On 26 March 2018 at 14:31, Kacper Wirski...

...athan Hunter via samba pisze: > On 26 March 2018 at 21:38, Kacper Wirski via samba <samba at lists.samba.org> > wrote: > >> While using "ntlm auth = yes" I was getting in audit log >> Authentication_passwordType = NTLMv1, but with ntlm auth = >> ntlmv2-and-mschap2-only audit log shows Authentication_passwordType as >> "MSCHAP2" >> >> Thanks. > (FYI - the correct parameter is 'mschapv2-and-ntlmv2-only' :) ) > > With ntlm-auth set to this, I get '[NTLMv1] status > [NT_STATUS_WRONG_PASSWORD]'. > > Se...

Also I just facepalmed, as I double checked smb.conf right after sending mail, and in samba 4.7 there are new options available for "ntlm auth", as stated in docs: |mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool). So that is is I suppose that special "flag" that is used by

...rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for stevens3 with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: f0 radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth -debug=10 --logfile=/tmp --request-nt-key --domain=adtest --username=stevens3 --challenge=3316410b7682eede --nt-response=b929ed540a9705a79165ae8bc8b11f3c039f3a81...

...> rlm_mschap: Told to do MS-CHAPv2 for host/IS--000031176 with > NT-Password > radius_xlat: Running registered xlat function of module mschap for > string 'User-Name' > radius_xlat: Running registered xlat function of module mschap for > string 'Challenge' > mschap2: d3 > radius_xlat: Running registered xlat function of module mschap for > string 'NT-Response' > radius_xlat: '/usr/bin/ntlm_auth --domain= --request-nt-key > --username=host/IS--000031176 --challenge=12345ce0768615e > --nt-response=123456f1011a2f799b5d62e04ba...