similar to: NTLM protocol/multiple DCs

[ Please would anyone replying to this maintain the Cc list here as my dear colleague is not subscribed to this mailing list. ] Hello all, I am trying to track down an oddity with winbindd. We're using samba only to join a given domain -- so the config file is very minimal, as per: [global] workgroup = TEDDYBEARS netbios name = SMOOTHWALL realm = TEDDYBEARS.LOCAL security = ads

Hi,guys . I implement HTTP Proxy running in Linux environment and my proxy have to support NTLM authentication. My proxy written in C++. I try to use _squid-ntlm helper _according to *http://devel.squid-cache.org/ntlm/squid_helper_protocol.html . So *I run helper like this *system ("ntlm_auth -d=10 --helper-protocol=squid-2.5-ntlmssp"*); and implemented its protocol (see

On Mon, 18 Feb 2019 10:17:16 -0000 Stuart Henderson wrote: > > On 2019-02-13, Mark Foley via dovecot <dovecot at dovecot.org> wrote: > > Is it possible that no one on this list is authenticating Outlook with Dovecot and NTLM? > > Yes, it's possible, the outdated instructions you found on the wiki > suggests it's an uncommon configiration. Hmmm, really? And yet

Hello, I've done some further testing, and I have to correct myself. I was (kind of obviously as I think about it) wrong about samba on the freeradius server requiring v. 4.7. What makes all the difference is the method used by mschap. Traditionally in freeradius in mods-available/mschap you'll use something like: ntlm_auth = "/path/to/ntlm_auth --request-nt-key

Hi all; We have Squid 2.5.STABLE7running with 30 ntlm_auth helpers Version 3.0.10-1.fc3. The problem is that on the squid?s cachemgr.cgi->NTLM User Authenticator Stats is possible to verify that the ntlm_auth processes are slowly having the flag R (Reserved or Deferred) set and never being used again (the number of requests stops). This problem goes until there is no more ntlm_auth

That is strange! We run Centos7 and 4.4.4. # First test dc209:~# ntlm_auth --username=mdufresne Password: NT_STATUS_OK: Success (0x0) # sAMAccountName modification dc209:~# ldbedit -H $sam samaccountname=mdufresne # 0 adds 1 modifies 0 deletes # Test with old sAMAccountName dc209:~# ntlm_auth --username=mdufresne Password: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) # Test with new

Hi, thank you very much for testing everything out. Great work! One question: passchange - which application are working with passchange on radius ? In the moment every user with an expired password is NOT able to use services using radius for authentication (WLAN,VPN). Is there any documentation available ? Bye, Peer On 27.03.2018 22:40, Kacper Wirski via samba wrote: > Hello, > >

Hihi So I have a really strange problem. I am running Centos 7 with Samba purely for ntlm_auth against winbind services (squid/radius auth etc). Its been working fine till we found a strange bug with the ntlm_auth executable. If the username has a "w" at the end it throws out a syntax error see below test: # ./ntlm_auth --username=lblaauw username must be specified! Usage:

On 2019-02-13, Mark Foley via dovecot <dovecot at dovecot.org> wrote: > Is it possible that no one on this list is authenticating Outlook with Dovecot and NTLM? Yes, it's possible, the outdated instructions you found on the wiki suggests it's an uncommon configiration. No actual answers from me, but it might give you some clues: > More on this ... > > I short-sheeted

On Tue, 2018-03-27 at 01:22 +0200, Kacper Wirski via samba wrote: > Hello, > > I've done some further testing, and I have to correct myself. > > I was (kind of obviously as I think about it) wrong about samba on the > freeradius server requiring v. 4.7. What makes all the difference is the > method used by mschap. > What I can't test right now, if it will work

Sorry, i'm still a bit confused. Andreay say: > I would do that, it allows you to have the FreeRADIUS fail over to > another DC when you are upgrading Samba, and choose to upgrade Samba's > base OS without consideration for the Squid/FreeRADIUS stack. So, ntlm_auth connect to (local) winbind, and winbind connect to DCs, so in this way freeradius 'failover' in respect of

ok, tested it, and it works. so to summarize: on samba ad 4.7.x  in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only" fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it. with those settings ntlmv1 is blocked

More on this ... I short-sheeted ntlm_auth to see what was being passed to it. It is getting as arg1: --helper-protocol=squid-2.5-ntlmssp I tried running ntlm_auth at the command line as: ntlm_auth --username=user --password=password --helper-protocol=squid-2.5-ntlmssp It did nothing, just hung there. The ntlm_auth man page says: --helper-protocol=PROTO Operate as a stdio-based helper.

On 19.2.2019 4.48, Mark Foley via dovecot wrote: > On Mon, 18 Feb 2019 10:17:16 -0000 Stuart Henderson wrote: >> On 2019-02-13, Mark Foley via dovecot <dovecot at dovecot.org> wrote: >>> Is it possible that no one on this list is authenticating Outlook with Dovecot and NTLM? >> Yes, it's possible, the outdated instructions you found on the wiki >> suggests

Hi. Samba-4.0.7 FreeBSD 10.0-CURRENT Besides serving files I'm using Samba to authenticate users in the Windows AD with squid. After having issues with samba 3.6.16 I decided to see if samba4 will fit me more. I was surprised, but I found that Samba 4 is fully functional in my environment and is nearly production-ready. After that I tried to setup squid to use samba for NTLM authentication.

I've also tried adding the pgsql and mysql RPM's and they're not available either. On 20/03/2023 12:58, Gary Stainburn wrote: > Apologies.? This is the correct screen grab. > > The extra errors in the OP were because I had been experimenting, to > try to fix the issue. > > [root at testsvr ~]# ./ldapAuth.php gary.stainburn fake-password > PHP Fatal error:?

Hi, I want to set up squid (2.6.9) with Samba (3.0.24) using NTLM authentication. I don't want to authenticate against an AD server; I just want to authenticate against a smbpasswd backend without sending the password over the network in the clear. The squid server is on the same box a the Samba server providing file/print services to XP workstations. The primary way of using NTLM seems

Currently (samba 4 NT-like domains) i use extensively NTLM auth in freeradius and more mildly in squid, respectively with: Freeradius (mschap module): ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=SANVITO --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" squid3: auth_param ntlm program /usr/bin/ntlm_auth

Hi. I need to use the ntlm_auth module to auth. users so a group can use Internet and other not, using squid. The users that belong to "Internet" group may use Internet. I've being looking for info. about this but there is no much info. in google. Until now this is the only info. that I had found: for squid.conf: auth_param ntlm program /usr/bin/ntlm_auth

Hi, I am running squid and samba to auth users against a 2003 domain. My squid setup is something like this: auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 2 auth_param basic program /usr/local/libexec/squid/ntlm_auth