similar to: ntlm_auth / winbind problem

Hi, I'm struggling to get squid+ntlm_auth working correctly. I have successfully joined the domain, and I am able to successfully enumerate groups and users using wbinfo. I can also successfully run "wbinfo -a." However, once I configure Squid to use ntlm_auth per: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debug-level=10 --nt-response

Hi, On my 2 Debian boxes the option "winbind use default domain = yes" doesn't make any difference any more where as it dit work just before the rest works fine, but not this option in smb.conf. I've discussed the matter on the French Samba mailing-list and I seem not to be the only one who's got this problem. The other person uses winbind with ADS, where as i'm

The Samba team recommends to use their "ntlm_auth" command line helper for "NTLM" and "GSS-SPNEGO" authentication. This helper interacts with the Samba's winbind daemon, and this way can authenticate users against NT or Active Directory windows domain. Currently Dovecot can do "NTLM" authentication too, but just "locally" (against a local

Hi everyone, We just upgraded Samba from 4.4.5 to 4.6.5 and appear to be experiencing a problem with authentication, when the RPC domain is not supplied as part of the username. I have two scenarios where this has cropped up: RADIUS authentication using ntlm_auth Apache HTTP using mod_auth_ntlm_winbind RADIUS authentication: We use the freeRADIUS 'mschap' module to provide

Hi, I want to know how to use ntlm_auth with ntlm-server-1 and freeradius, with the users login and password information in ldap. I have read documentation of ntlm_auth (only found the man page), docs and howtos about pptp and squid, i don't found about freeradius, and i'm experimenting with the options of ntlm_auth. I have configured freeradius+ldap+802.1X for a wireless lan, but i

Ok I'm at a loss, I have 2 instances on winbindd / smbdd / nmbdd running (basically copied to install from samba-multiple-domains.blogspot .com but with my domains and ip's) But the issue I have is that even though both domains joined, and I can see all the winbinds and smbs running, and no errors in the logs, it appears that wbinfo / ntlm_auth only work with one of the units, no matter

I am trying to get FreeRADIUS using Samba's ntlm auth for MSCHAPv2 authentication. I asked this question over on the FreeRADIUS list, and I think the stunned silence means that the folks over there think you guys in the Samba world may be able to help better. I admit it's been a few years since I did any Samba! I have joined my two RADIUS servers (FreeRADIUS 2.0.2, Solaris 10 x86,

Hello, I am using ntlm_auth called from FreeRADIUS to authenticate users on a network with their Active Directory credentials. The problem I seem to be having is that ntlm_auth is taking longer than it should and I can't seem to get it to go faster reliably. Some background information: Users are connecting to a wireless network using 802.1x. That network sends requests to FreeRADIUS which

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

Hi guys/gals. I'm brand new to this list, been working with Linux for several years, and have occasionally set up samba file servers before in a "hi-i'm-wide-open-so-anyone-can-read/write-to-my-shares" mode for temporary storage in data recovery scenarios. At the moment, I'm working on a project that involves FreeRADIUS authenticating against a Win2k/2k3 AD server using the

Hi List, I'm running a heavily loaded squid server that uses ntlm_auth to provide NTLM authentication. As load has increased over time, I've found the need to increase the number of ntlm_auth processes available to squid as well as the "winbind max clients" value in the smb.conf file. This has worked well up until now but seems I've hit some sort of limit. If I keep the

Hello, I'm trying to authenticate PPP (in fact l2tp...) users with Active Directory (windows server 2003 DCs, mixed-mode domain) using winbind / ntlm_auth. I'm using Samba 3.0.22, PPP 2.4.3, Kerberos 1.3.6, with Trustix 2.2 What works : - krb5kinit (and krb5klist -e) - net ads join - wbinfo -u, wbinfo -g, wbinfo -a user%pwd, wbinfo -p, wbinfo -t and wbinfo -m - getent passwd and

Chaps, I'm trying to get a radius server to authenticate to AD via the samba ntlm_auth program. I've just built samba vsn 3.0.21c with the following config parameters ./configure --with-pam --enable-socket-wrapper --with-ldapsam --with-syslog --with-ldap --with-winbind My smb.conf has global] workgroup = ADIR security = domain password server = 150.237.54.198 realm =

Hi all, I have just installed and configured a squid setup authenticating against Active Directory using kerberos tickets and have achieved the holy-grail of IT - Single Sign On! The problem is that I have two users for whom is does not work. The ntlm_auth logs show that for users that are properly authenticated against squid we get the following (Usernames/Domains/Hosts have been changed for

Hi, I am using samba 3.2.2 with freeradius . I have joined the domain & able to authenticate users with ntlm_auth. If in ADS-2003 I configure the Remote Access Permission for the user ( User-properties->Dial-in ) as Deny then if I use the "ntlm_auth --username=user --password=password" I get NT_STATUS_OK. What could be the reason for this behavior , or is there any patch

I am trying to use ntlm_auth for machine authentication requests against a Win2003/AD from my RADIUS server. Normal, user authentication works fine, but not machine authentication. The username passed from RADIUS to ntlm-auth looks like host/pcname123. I'm wondering if the "/" is killing it? The ntlm_auth man page says that it expects only Samba's unix charset. Does anyone

Hi, I'm using ntlm_auth to authenticate users in freeradius. My samba server is joined to DOMAINA. When I run ntlm_auth --username=domainauser everything works great. When I run ntlm_auth --username=domainbuser it fails because the user does not exist in domaina which the server is joined to. If I run ntlm_auth --username=domainbuser --domain=domainb it works great. I was wanting to do

On Tue, 23 Jan 2024 17:07:35 -0500 Mark Foley via samba <samba at lists.samba.org> wrote: > On Mon Jan 22 11:00:59 2024 Mark Foley via samba > <samba at lists.samba.org> wrote: > > > > I have scripts that runs ntlm_auth. Before upgrading my DC to > > 4.18.9 I would get text string output from the ntlm_auth command. > > For example: > > > >

On Mon Jan 22 11:00:59 2024 Mark Foley via samba <samba at lists.samba.org> wrote: > > I have scripts that runs ntlm_auth. Before upgrading my DC to 4.18.9 I would > get text string output from the ntlm_auth command. For example: > > STATUS_NO_SUCH_USER > NT_STATUS_WRONG_PASSWORD > STATUS_OK > > My script(s) look for these strings. > > Now with the new