Displaying 3 results from an estimated 3 matches for "only_for_mschapv2".
2016 Apr 15
1
samba 4.4.2 freeradius authentication with ntlm_auth
...somehow get an MSCHAPv3
> in that uses NTLMv2.
>
> On Windows, setting a special flag allows this horrible insecure
> mechanism to work on networks that otherwise only allow NTLMv2. Samba
> does not honour that flag, but I guess I'm going to need to add a
> 'ntlm_auth = only_for_mschapv2' setting.
>
> In short, MSCHAPv2 protects the network perimeter, yet has worse
> security then you would dare to use even on a well-trusted network.
>
> I realise it is often over TLS, but as with another of our CVEs, we
> know few clients check certificates, so this isn...
2016 Apr 15
5
samba 4.4.2 freeradius authentication with ntlm_auth
Hi;
Samba team say "It is recommended that administrators set these additional
options, if compatible with their network environment:"
ntlm auth = no
I use samba with FreeRadius.
I configure "ntlm_ auth = no" but freeradius users not connected to wifi.
I use ntlm_auth in FreeRadius side..
best regards
2016 Apr 15
0
samba 4.4.2 freeradius authentication with ntlm_auth
...ly no attempt has been made to somehow get an MSCHAPv3
in that uses NTLMv2.
On Windows, setting a special flag allows this horrible insecure
mechanism to work on networks that otherwise only allow NTLMv2. Samba
does not honour that flag, but I guess I'm going to need to add a
'ntlm_auth = only_for_mschapv2' setting.
In short, MSCHAPv2 protects the network perimeter, yet has worse
security then you would dare to use even on a well-trusted network.
I realise it is often over TLS, but as with another of our CVEs, we
know few clients check certificates, so this isn't any help.
I've been i...