Displaying 12 results from an estimated 12 matches for "ntml_auth".
Did you mean:
ntlm_auth
2004 Apr 23
3
mod_ntlm_winbind
Is there a mod_ntlm_winbind for apache or is that just for squid? I want to
use NTLM authentication for our intranet apache server.
TIA,
Josh Konkol, CCSA CNE MCSE
Technical Research Specialist
.~. GuideOne Insurance
/V\
/( )\
^^-^^ samba@guidemail.com
This message and accompanying documents are covered by the Electronic
Communications Privacy Act, 18 U.S.C. ?? 2510-2521, and
2019 Oct 29
1
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
...of joining using
"realm join --client-software=winbind". The resulting membership also
appears be mostly functional, as I was able to authenticate users in all
trusted domains (via the localhost samba test I described in my first
message, or directly, using "wbinfo -a" or "ntml_auth").
However, since it seemed important, I tried starting from scratch using the
wiki instructions you linked to above. These seem to be incomplete, as with
that approach, I am unable to join at all. The document first says to
delete your smb.conf, and then only discusses setting up the id mapp...
2019 Nov 14
1
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
...have is our AD domain was set up years ago and
> followed then best practise of not using a public domain internally,
> so the domain name is EXAMPLE.CAMPUS while the UPN domain is
> EXAMPLE.COM (UPN has been set this way for Office 365 & Skype for
> Business to work).
> Samba / ntml_auth queries AD based on the sAMAccountName & AD domain
> pair but what FreeRADIUS is receiving is the UPN.
(trying again, CC to list and correct info)
Try ntlm_auth --request-nt-key --domain=''
--username=TEST-USER at EXAMPLE.COM
eg if the UPN is [user]@[internet domain] and that is...
2019 Nov 13
3
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
Hi Rowland,
Apologies for the tardy reply, I mistakenly set the mailing list to digest...
Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which
2018 Mar 29
2
How to change Domain password as normal user?
On Wed, 28 Mar 2018 20:14:00 +1300 Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Wed, 2018-03-28 at 03:09 -0400, Mark Foley via samba wrote:
> >
> > Actually, that didn't quite work. It did change the domain password, but didn't reset the
> > expiration days. So today, when the previous password was set to expire. My account was locked
> > out.
2009 Mar 31
1
Samba PDC & Squid NTLM Auth - Same machine
Hi Guys!
Probably this is not the best place to ask, I'll try anyway... =)
I've been trying to configure a Samba PDC and a Squid Porxy server
with NTLM auth on the same machine but NTML_AUTH keeps complaining
about: NT_STATUS_INVALID_HANDLE.... I have others machines running
Squid and Authenticating against a Samba Server but on different
machines, this is the first time a try both on the same machine.
Can I use Squid+NTLM Auth and Samba configured as PDC on the same
machine? Is there...
2018 Mar 31
2
How to change Domain password as normal user?
...nly work
on a DC, to do the password change from a Unix domain member, you need
to add '--ipaddress=DCIPADDRESS'
>
> I did successfully change my domain password with kpasswd. I was
> able to log into Linux and Windows workstations, Dovecot client, and
> a web site which uses ntml_auth. I checked the
> msDS-UserPasswordExpiryTimeComputed and it was 89 days (the domain
> setting is max 90 days). I checked the next day (yesterday) and it
> was still 89 days. I went to log into the Windows workstation and
> Linux workstation today and was locked out! This is exactly t...
2019 Nov 13
0
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
...correct).
The problem we have is our AD domain was set up years ago and followed then best practise of not using a public domain internally, so the domain name is EXAMPLE.CAMPUS while the UPN domain is EXAMPLE.COM (UPN has been set this way for Office 365 & Skype for Business to work).
Samba / ntml_auth queries AD based on the sAMAccountName & AD domain pair but what FreeRADIUS is receiving is the UPN.
E.g. querying AD with a user & local domain pair works TEST-USER at EXAMPLE.CAMPUS:
# ntlm_auth --request-nt-key --domain=EXAMPLE.CAMPUS --username=TEST-USER --password=******
NT_STATUS_OK:...
2014 Jun 16
0
Join to AD does not persist reboot, requires "net ads join"
Hi,
I'm using samba 3.6.3 on ubuntu 12.04. I'm using samba and winbind so
that I can authenticate users via ntml_auth.
After configuring my smb.conf I join to the domain:
net ads join -U Administrator
And everything works fine, calls to ntlm_auth work as expected.
However, upon rebooting the server, I can't successfully use ntlm_auth
as "no logon servers are available". I've found that I can...
2018 Mar 31
0
How to change Domain password as normal user?
...mba-tool -U <myuser> user password
gives me the error:
samba-tool: error: no such option: -U
Perhaps my version is too old (4.4.16)?
I did successfully change my domain password with kpasswd. I was able to log into Linux and
Windows workstations, Dovecot client, and a web site which uses ntml_auth. I checked the
msDS-UserPasswordExpiryTimeComputed and it was 89 days (the domain setting is max 90 days). I
checked the next day (yesterday) and it was still 89 days. I went to log into the Windows
workstation and Linux workstation today and was locked out! This is exactly the same thing that
h...
2018 Mar 31
0
How to change Domain password as normal user?
...yet to change the
password. I've also tried --ipaddress=dchostname which also did not give a syntax error.
> > I did successfully change my domain password with kpasswd. I was
> > able to log into Linux and Windows workstations, Dovecot client, and
> > a web site which uses ntml_auth. I checked the
> > msDS-UserPasswordExpiryTimeComputed and it was 89 days (the domain
> > setting is max 90 days). I checked the next day (yesterday) and it
> > was still 89 days. I went to log into the Windows workstation and
> > Linux workstation today and was locked ou...
2019 Oct 28
5
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
Hi folks,
I'm trying to support a customer with multiple AD forests, and during my
research, I've observed some odd behavior. In my lab tests, it seems like
authentication works for users in all trusted forests, but only if NTLMSSP
is used. When Kerberos ends up being used, authentication only seems to
work for users in the local domain.
Here's the test setup:
- Two Active Directory