similar to: Winbind 3.5.6 Periodically Failing

Hello, We have samba 3.0.23 installed. We are using free radius to take authentication requests from a nortel vpn server and using ntlm_auth trying to authenticate users against AD. This setup works fine when on the AD side ntlmv1 and ntlmv2 are enabled. (IE. Users can authenticate). However, when only ntlmv2 is enabled users are unable to authenticate. I have searched various places and while

Dear All, I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. The errors I'm getting are to do with ntlm_auth not authenticating my machine account. Everything looks OK (to me) on the command

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

> I guess we have to look at the conf files then, first these two: Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth. Unfortunately it's still erroring out: (7) mschap: Creating

On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: Unfortunately it's still erroring out: (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk (7) mschap: Client is using MS-CHAPv2 > Is this set as a UPN (with the realm appended) on the user? I don't see any UPN's in my AD record, only SPNs - unless I misunderstand you? I've run

On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > Unfortunately it's still erroring out: > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > (7) mschap: Client is using MS-CHAPv2 Is this set as a UPN (with the realm appended) on the user? -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001)

Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into Debian Testing, before i update to this version my proxy (squid) authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius server authenticating with winbind. But now with this update i can get to work again the autentications, when i request the NT_KEY to ntlm_auth it not return that key. this is the output

On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote: > Op 04-04-2023 om 00:32 schreef Andrew Bartlett: > > > > > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > Unfortunately it's still erroring out: > > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > > > (7) mschap:

And i forgot to mention.   This is what i have for my squid.   auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \     --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.internal.domain.tld at REALM \     --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN   See the ntlm line. =>  --helper-protocol=gss-spnego     Greetz,  

Hi all I'm not sure whether to go to the ppp lists for this, or the samba lists. I thought I'd try here first. I have a linux firewall using winbind to authenticate users coming in with PPTP. It all seemed to work OK at first. After a while I noticed that authentication was denied to users who had previously (as in less than a day) authenticated successfully. After a day or so of

On Tue, 2015-01-20 at 13:33 +1300, Andrew Bartlett wrote: > On Mon, 2015-01-19 at 10:59 +0330, Maryam Lahijani wrote: > > Dear All > > > > We have samba4 in our network as an domain controller.we have cisco ISE1.3 > > and our cisco team want to run IEEE802.1x in our network.The problem is > > that ise use ms-rpc for sending MS-CHAP V2 to samba and it revived RPC

You could try the setting. ntlm auth = mschapv2-and-ntlmv2-only >From man smb.conf The available settings are: · ntlmv1-permitted (alias yes) - Allow NTLMv1 and above for all clients. · ntlmv2-only (alias no) - Do not allow NTLMv1 to be used, but permit NTLMv2. · mschapv2-and-ntlmv2-only - Only allow NTLMv1 when the client

On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote: > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > > Unfortunately it's still erroring out: > > (7) mschap: Creating challenge hash with username: host/SL- > > 6S4BBS3.MYDOMAIN.co.uk > > (7) mschap: Client is using MS-CHAPv2 > > > > > Is this set as a

I found my problem. From Andrew Bartlett himself "This is not supported against NT4. Only Samba 3.0.21rc1 and AD support this extra flag." To do machine authentication with freeradius, your workstation (supplicant) and samba server must be a member of a 2000/2003 domain. I had the supplicant and samba server still a member of the nt4 domain. Once I changed this, it worked great.

Hi Michael, Thank you for your suggestion. I did clone the server. After the clone, the server was not join to domain automatically, then I join the server to the domain separately. I did not change the local sid. Should I change that? Actually I followed this process to clone the first server and that server did not have the wbinfo -u issue. Then I tried to clone other servers then I

Dear samba users, I have very strange problem. I have Samba PDC up and running, but only thing is missing. I cannot see any Domain Groups at all. Here is my config: Debian Squeeze: ii samba 2:3.5.6~dfsg-3squeeze8 SMB/CIFS file, print, and login server for Unix ii samba-common 2:3.5.6~dfsg-3squeeze8 common files used by both the Samba

Hai, Can you post your smb.conf that helps. But you probly forgot to set: ntlm auth = yes and maybe more, a summup: This is the full list: https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) The complete history, have a look at the X.x.0 release notes. https://www.samba.org/samba/history/ For the major differences (new features, etc.) Upgrade samba from a : 4.4.x

I'm trying to move my freeradius server from debian jessie (freeradius 2.2.5+dfsg-0.2+deb8u1 and samba 4.2.14+dfsg-0+deb8u9) in a NT like domain to a new stretch server (freeradius 3.0.12+dfsg-5+deb9u1 and samba 4.8.5+mnu-1~deb9, louis packages). Many things changed. I've followed (also): https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory and added in

>Note: the line 'idmap config ad' is not a correct samba option. >But also this would not cause your issue. I did not config this and I believe this comes from the default. Do you suggest to comment this out? I tried "wbinfo -u" and "wbinfo -g" again and attached the log.wb-CFS file. Sorry I forgot to mention, I did stop winbind, remove