search for: ntml_auth

Is there a mod_ntlm_winbind for apache or is that just for squid? I want to use NTLM authentication for our intranet apache server. TIA, Josh Konkol, CCSA CNE MCSE Technical Research Specialist .~. GuideOne Insurance /V\ /( )\ ^^-^^ samba@guidemail.com This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. ?? 2510-2521, and

...of joining using "realm join --client-software=winbind". The resulting membership also appears be mostly functional, as I was able to authenticate users in all trusted domains (via the localhost samba test I described in my first message, or directly, using "wbinfo -a" or "ntml_auth"). However, since it seemed important, I tried starting from scratch using the wiki instructions you linked to above. These seem to be incomplete, as with that approach, I am unable to join at all. The document first says to delete your smb.conf, and then only discusses setting up the id mapp...

...have is our AD domain was set up years ago and > followed then best practise of not using a public domain internally, > so the domain name is EXAMPLE.CAMPUS while the UPN domain is > EXAMPLE.COM (UPN has been set this way for Office 365 & Skype for > Business to work). > Samba / ntml_auth queries AD based on the sAMAccountName & AD domain > pair but what FreeRADIUS is receiving is the UPN. (trying again, CC to list and correct info) Try ntlm_auth --request-nt-key --domain='' --username=TEST-USER at EXAMPLE.COM eg if the UPN is [user]@[internet domain] and that is...

Hi Rowland, Apologies for the tardy reply, I mistakenly set the mailing list to digest... Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which

On Wed, 28 Mar 2018 20:14:00 +1300 Andrew Bartlett <abartlet at samba.org> wrote: > > On Wed, 2018-03-28 at 03:09 -0400, Mark Foley via samba wrote: > > > > Actually, that didn't quite work. It did change the domain password, but didn't reset the > > expiration days. So today, when the previous password was set to expire. My account was locked > > out.

Hi Guys! Probably this is not the best place to ask, I'll try anyway... =) I've been trying to configure a Samba PDC and a Squid Porxy server with NTLM auth on the same machine but NTML_AUTH keeps complaining about: NT_STATUS_INVALID_HANDLE.... I have others machines running Squid and Authenticating against a Samba Server but on different machines, this is the first time a try both on the same machine. Can I use Squid+NTLM Auth and Samba configured as PDC on the same machine? Is there...

...nly work on a DC, to do the password change from a Unix domain member, you need to add '--ipaddress=DCIPADDRESS' > > I did successfully change my domain password with kpasswd. I was > able to log into Linux and Windows workstations, Dovecot client, and > a web site which uses ntml_auth. I checked the > msDS-UserPasswordExpiryTimeComputed and it was 89 days (the domain > setting is max 90 days). I checked the next day (yesterday) and it > was still 89 days. I went to log into the Windows workstation and > Linux workstation today and was locked out! This is exactly t...

...correct). The problem we have is our AD domain was set up years ago and followed then best practise of not using a public domain internally, so the domain name is EXAMPLE.CAMPUS while the UPN domain is EXAMPLE.COM (UPN has been set this way for Office 365 & Skype for Business to work). Samba / ntml_auth queries AD based on the sAMAccountName & AD domain pair but what FreeRADIUS is receiving is the UPN. E.g. querying AD with a user & local domain pair works TEST-USER at EXAMPLE.CAMPUS: # ntlm_auth --request-nt-key --domain=EXAMPLE.CAMPUS --username=TEST-USER --password=****** NT_STATUS_OK:...

Hi, I'm using samba 3.6.3 on ubuntu 12.04. I'm using samba and winbind so that I can authenticate users via ntml_auth. After configuring my smb.conf I join to the domain: net ads join -U Administrator And everything works fine, calls to ntlm_auth work as expected. However, upon rebooting the server, I can't successfully use ntlm_auth as "no logon servers are available". I've found that I can...

...mba-tool -U <myuser> user password gives me the error: samba-tool: error: no such option: -U Perhaps my version is too old (4.4.16)? I did successfully change my domain password with kpasswd. I was able to log into Linux and Windows workstations, Dovecot client, and a web site which uses ntml_auth. I checked the msDS-UserPasswordExpiryTimeComputed and it was 89 days (the domain setting is max 90 days). I checked the next day (yesterday) and it was still 89 days. I went to log into the Windows workstation and Linux workstation today and was locked out! This is exactly the same thing that h...

...yet to change the password. I've also tried --ipaddress=dchostname which also did not give a syntax error. > > I did successfully change my domain password with kpasswd. I was > > able to log into Linux and Windows workstations, Dovecot client, and > > a web site which uses ntml_auth. I checked the > > msDS-UserPasswordExpiryTimeComputed and it was 89 days (the domain > > setting is max 90 days). I checked the next day (yesterday) and it > > was still 89 days. I went to log into the Windows workstation and > > Linux workstation today and was locked ou...

Hi folks, I'm trying to support a customer with multiple AD forests, and during my research, I've observed some odd behavior. In my lab tests, it seems like authentication works for users in all trusted forests, but only if NTLMSSP is used. When Kerberos ends up being used, authentication only seems to work for users in the local domain. Here's the test setup: - Two Active Directory