search for: pac_credential_info

Displaying 11 results from an estimated 11 matches for "pac_credential_info".

2016 Dec 20
3
Problem with keytab: "Client not found in Kerberos database"
On Tue, 20 Dec 2016 13:50:40 +0000 Brian Candler via samba <samba at lists.samba.org> wrote: > Rowland Perry wrote: > > >/imdap config AD : backend = rid /> >/ > /> How did you 'fix' > > >this, on face value, there is nothing wrong with that line. > > > "imdap" is not "idmap" > > (so now you understand why I
2016 Dec 21
0
Problem with keytab: "Client not found in Kerberos database"
...or TTLS+GTC, both of which send a >> cleartext password) > You might want to read this: > > https://www.samba.org/samba/history/samba-4.5.0.html I'm not sure which section you mean is relevant. Maybe this: "When doing a PKINIT based Kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user." That sounds cool, but I can already use ntlm_auth to validate the MSCHAP passwords. Mo...
2016 Jul 28
0
[Announce] Samba 4.5.0rc1 Available for Download
...serAccountControl attribute. At the same time the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows on offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Jul 28
0
[Announce] Samba 4.5.0rc1 Available for Download
...serAccountControl attribute. At the same time the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows on offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Aug 10
0
[Announce] Samba 4.5.0rc2 Available for Download
...erAccountControl attribute. At the same time, the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based Kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows an offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Aug 10
0
[Announce] Samba 4.5.0rc2 Available for Download
...erAccountControl attribute. At the same time, the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based Kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows an offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Sep 07
3
[Announce] Samba 4.5.0 Available for Download
...erAccountControl attribute. At the same time, the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based Kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows an offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Sep 07
3
[Announce] Samba 4.5.0 Available for Download
...erAccountControl attribute. At the same time, the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based Kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows an offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Aug 29
0
[Announce] Samba 4.5.0rc3 Available for Download
...erAccountControl attribute. At the same time, the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based Kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows an offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Aug 29
0
[Announce] Samba 4.5.0rc3 Available for Download
...erAccountControl attribute. At the same time, the account password is reset to a random NTHASH value. Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED bit is set in the userAccountControl attribute of a user. When doing a PKINIT based Kerberos logon the KDC adds the required PAC_CREDENTIAL_INFO element to the authorization data. That means the NTHASH is shared between the PKINIT based client and the domain controller, which allows the client to do NTLM based authentication on behalf of the user. It also allows an offline logon using a smartcard to work on Windows clients. CTDB changes --...
2016 Sep 07
0
[Announce] Samba 4.5.0 Available for Download
...e same time, the account password is reset to a random > NTHASH value. > > Interactive password logons are rejected, if the UF_SMARTCARD_REQUIRED > bit is set in the userAccountControl attribute of a user. > > When doing a PKINIT based Kerberos logon the KDC adds the > required PAC_CREDENTIAL_INFO element to the authorization data. > That means the NTHASH is shared between the PKINIT based client and > the domain controller, which allows the client to do NTLM based > authentication on behalf of the user. It also allows an offline > logon using a smartcard to work on Windows clien...