similar to: Samba authentication

Displaying 20 results from an estimated 3000 matches similar to: "Samba authentication"

2018 Mar 26
1
freeradius + NTLM + samba AD 4.5.x
It is an issue that I myself would also like to solve. I found multiple threads in samba and freeradius mailing lists. It seems that every couple of months there is question like this either here on FR mailing list and all point down to the same issue, that is: freeradius uses ntlm_auth (even when using winbind with newer freeradius versions, it also in the end uses ntlm_auth). And since
2018 Mar 26
4
freeradius + NTLM + samba AD 4.5.x
Hi, we have updated our samba AD domain from 4.4.x to 4.5.x. The release notes for 4.5.0 included  "NTLMv1 authentication disabled by default". So we had to enable it to get our radius (freeradius) server working (for 802.1x). What would be the best way to change the freeradius configuration in such a way, that we can disable NTLMv1 again. The radius server is used for WLAN
2006 Feb 21
1
Effect of disabling LM/NTLMv1 auth on an AD?
Folks, Our campus AD team has decided that they ... >Need to disable LM/NTLMv1 authentication support to provide greater >security and be consistent with the CITES authentication roadmap. Noble thoughts, but there hasn't been much thought of the ramifications for other, interoperable systems like Samba. I can see that modern Samba versions support NTLMv1 and NTLMv2 methods.
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Ok, I finally could try it out, and it seems to actually work, but You need samba 4.7 on all machines, not only AD, but also server with freeradius. I didn't get a chance to test it locally, that is samba AD + freeradius on the same server. Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work (got simple "nt_status_wrong_password") but: 4.7.6 AD and 4.7.1
2017 Nov 20
2
Samba4 server is not accessible for logon from Windows 2008R2 SP1.
I discovered the situation. When attempting to logon from Windows 2008R2 to Samba4 is made we can see in Samba smbd log the following important for understanding the situation lines: [2017/11/20 13:25:52.040094, 2, pid=7100, effective(0, 0), real(0, 0)] ../libcli/auth/ntlm_check.c:430(ntlm_password_check) ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user <username> [2017/11/20
2023 Nov 03
2
smbclient NT_STATUS_NTLM_BLOCKED
On Fri, 3 Nov 2023 12:27:57 +0100 cYuSeDfZfb cYuSeDfZfb via samba <samba at lists.samba.org> wrote: > Hi, > > I have configured my (RHEL9) standalone samba server with "ntlm auth = > disabled" because we understand that ntlm should be disabled nowadays. > > However, we can no longer use smbclient (4.17) to connect to that > server, as: > > session
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending mail, and in samba 4.7 there are new options available for "ntlm auth", as stated in docs: |mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool). So that is is I suppose that special "flag" that is used by
2020 Jun 16
3
Wrong password, Win10 not using SMB3_11?
On Tue, 16 Jun 2020, Rowland penny via samba wrote: > On 16/06/2020 12:41, Harald Hannelius via samba wrote: >> I have Samba AD-domain with two fileservers and two Samba DS-servers. Most >> people can authenticate OK, but one user always gets "wrong password". > What versions of Samba ? All servers are 4.9.5-Debian. >> Auth: [SMB2,(null)] user [SAD]\[username]
2019 Nov 06
2
NTLM refuses to work on a DC
Hi there, I'm trying to get FreeRADIUS to authenticate against my Samba DC. It's Samba 4.7.6-ubuntu running on Ubuntu 18 (kernel version 4.15.0-66-generic). It came nicely packaged with Zentyal, which provides a nice GUI for managing a domain, as well as a CA and lots of cool small features. That same Zentyal also includes support for FreeRADIUS (3.0.16). This is my smb.conf:
2007 Dec 11
1
ntlm_auth only supports ntlmv1 and not ntlmv2 ?
Hello, i set up a squid proxy that should authenticate users against a samba PDC using winbind. It works fine as long i allow ntlmv1: on the PDC: ntlm auth = yes lanman auth = no client ntlmv2 auth = yes If i restrict the domains authentication method to ntlmv2 - that's what i want - with these settings: ntlm auth = no lanman auth = no client
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello, I can definately confirm that it's working. My basic setup is: 1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7 2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight from centos repo. // I  tested also on freeradius 3.0.14 and samba 4.7.x smb.conf on the DC is pretty basic, most important is obviously in [globall]:         ntlm auth =
2018 Mar 27
2
ODP: Re: freeradius + NTLM + samba AD 4.5.x
ok, tested it, and it works. so to summarize: on samba ad 4.7.x  in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only" fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it. with those settings ntlmv1 is blocked
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote: > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > > Unfortunately it's still erroring out: > > (7) mschap: Creating challenge hash with username: host/SL- > > 6S4BBS3.MYDOMAIN.co.uk > > (7) mschap: Client is using MS-CHAPv2 > > > > > Is this set as a
2023 Apr 04
2
Fwd: ntlm_auth and freeradius
> You said earlier that you have set ntlm auth = mschapv2-and-ntlmv2-only Yes, I found that here: https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory > This means to reject NTLMv1, which MSCHAPv2 is cryptographically, unless the client makes special pleading that it used MSCHAPv2 with it's client. > This is related to the missing ntlm_auth option
2017 Nov 11
1
how safe is "net use" in a batch file? plus some encryption questions
On Sat, 11 Nov 2017 13:32:31 -0600 Andrew Walker <walker.aj325 at gmail.com> wrote: > I thought "net use" will use ntlm for auth (no clear-text passwords > passing over the wire). At least that's what I see in wireshark on > modern windows. > If you use NTLMv1, you might as well use plain passwords. Given the NTLMv1 password, it would take your average badhat
2018 Mar 26
2
freeradius + NTLM + samba AD 4.5.x
Hello, I've done some further testing, and I have to correct myself. I was (kind of obviously as I think about it) wrong about samba on the freeradius server requiring v. 4.7. What makes all the difference is the method used by mschap. Traditionally in freeradius in mods-available/mschap you'll use something like: ntlm_auth = "/path/to/ntlm_auth --request-nt-key
2017 Oct 24
2
Outlook 2016 SSO with GSSAPI auth?
Hi folks, I've been sifting through various threads on GSSAPI and NTLM support, and I'm wondering if anyone out there can confirm or deny GSSAPI IMAP auth support in Microsoft Outlook 2016 (Windows)? Perhaps there's some magic registry key to change IMAP auth from PLAIN to GSSAPI? We're trying to do single sign-on + e-mail for Windows domain users; Thunderbird GSSAPI works
2019 May 08
1
4.10.2 not connecting to (old) NAS
Thank you Rowland - adding "ntlm auth = yes" in the global section and rebooting the machine has provided access once again to the NAS. In answer to your questions - the smb.conf was from the PCLOS machine.  Question - I had tried sec=ntlm in the mount statement without it being in the smb.conf - did that not work because ntlmv1 had not been enabled? As to the question marks, that
2018 Aug 20
3
Is there a limit on Number of users connecting share
On 8/20/2018 11:32 AM, Rowland Penny via samba wrote: > On Mon, 20 Aug 2018 14:37:32 +0530 > Amit via samba <samba at lists.samba.org> wrote: > >>>> >>>> >>>> Query: >>>> 1. Is there a limit on max number of connections to share? There >>>> must be what's the max? 2. Is using force user, force group good
2018 Aug 20
2
Is there a limit on Number of users connecting share
Hey Rowland! Thanks for response. I admire your work. Please find my responses inline. On 08/20/2018 02:19 PM, Rowland Penny via samba wrote: > On Mon, 20 Aug 2018 11:06:48 +0530 > Amit via samba <samba at lists.samba.org> wrote: > >> Dear Devels, >> >> samba-4.2.3-10.el7.x86_64 >> >> # vim smb.conf >> [global] >> workgroup =