Displaying 20 results from an estimated 11000 matches similar to: "smbclient NT_STATUS_NTLM_BLOCKED"
2023 Nov 03
2
smbclient NT_STATUS_NTLM_BLOCKED
On Fri, 3 Nov 2023 12:27:57 +0100
cYuSeDfZfb cYuSeDfZfb via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I have configured my (RHEL9) standalone samba server with "ntlm auth =
> disabled" because we understand that ntlm should be disabled nowadays.
>
> However, we can no longer use smbclient (4.17) to connect to that
> server, as:
>
> session
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Ok, I finally could try it out, and it seems to actually work, but You
need samba 4.7 on all machines, not only AD, but also server with
freeradius. I didn't get a chance to test it locally, that is samba AD +
freeradius on the same server.
Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work
(got simple "nt_status_wrong_password")
but: 4.7.6 AD and 4.7.1
2017 Sep 21
2
[Announce] Samba 4.7.0 Available for Download
On Thu, 21 Sep 2017 12:40:57 -0400
lingpanda101 via samba <samba at lists.samba.org> wrote:
> >
> I'm not understanding the change to 'ntlm auth' parameter. It's says
> default is now ntlmv2-only as a value. So this takes the place of
> 'ntlm auth = no'(ie. ntlm auth = ntlmv2-only)? Using the value of
> 'yes' is OK(ie. ntlm auth = yes)?
2017 Oct 17
3
ntlm_auth and SMBv2/v3
Hello Andrew,
Do you plan to release the patch for "ntlm auth =
mschapv2-only" option soon ?
We need this on order to use freeradius in
a "more safe" scenario than with "ntlm auth = yes"
Best
Regard,
Lulzim KELMENI
Direction des Systèmes d'Information
Mairie de
Saint-Ouen
Le 08/06/2017 21:36, Andrew Bartlett via samba a écrit :
>
On Thu, 2017-06-08 at
2018 Mar 19
3
Primary group is 0 and contains 0 supplementary groups
>
> It might help if you told us how Extreme advised you to configure it.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-set-internal-RADIUS-server-on-WiNG-with-LDAP-based-authentication
http://www.michaelfmcnamara.com/files/motorola/WING5X_How_To_Active_Directory_Authentication_Rev_B.pdf
https://www.manualslib.com/manual/1150860/Motorola-Wing-5-7-1.html
2024 Jan 27
2
ntlm_auth not returning "STATUS_OK"
On Fri, 26 Jan 2024 22:22:49 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> On Wed Jan 24 05:03:25 2024 Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> > On Tue, 23 Jan 2024 17:07:35 -0500
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > > On Mon Jan 22 11:00:59 2024 Mark Foley via samba
2022 Sep 21
2
Kmods SIG in RHEL
On 21/09/2022 08:32, Thomas Stephen Lee wrote:
> Hi,
>
> Is
> https://sigs.centos.org/kmods/
> a part of RHEL 9?
> If yes, what is the repository name?
> If not, when can we expect it to be included?
>
> Thanks
>
> ---
> Lee
No, it's not part of RHEL9 , and it's built and maintained by the Kmods
SIG (see https://sigs.centos.org/kmods/) as a
2017 Nov 20
2
Samba4 server is not accessible for logon from Windows 2008R2 SP1.
I discovered the situation.
When attempting to logon from Windows 2008R2 to Samba4 is made we can see
in Samba smbd log the following important for understanding the situation
lines:
[2017/11/20 13:25:52.040094, 2, pid=7100, effective(0, 0), real(0, 0)]
../libcli/auth/ntlm_check.c:430(ntlm_password_check)
ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user <username>
[2017/11/20
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello,
I can definately confirm that it's working.
My basic setup is:
1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7
2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight
from centos repo. // I tested also on freeradius 3.0.14 and samba 4.7.x
smb.conf on the DC is pretty basic, most important is obviously in
[globall]:
ntlm auth =
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending
mail, and in samba 4.7 there are new options available for "ntlm auth",
as stated in docs:
|mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool).
So that is is I suppose that special "flag" that is used by
2016 Oct 10
5
SAMBA 4.5.0
Hello Helper,
i found this bug report:
https://bugzilla.samba.org/show_bug.cgi?id=12252
At this time i have a samba 4.1.6 Domain Controller and Freeradius-Server. The authentication works pretty well in 4.1.6. Now I built a new Domain Controller from source, version 4.5.0. The configuration like 4.1.6, but now I have an authentication issue. There is no helpfull information in freeradius log
2018 Mar 27
2
ODP: Re: freeradius + NTLM + samba AD 4.5.x
ok, tested it, and it works.
so to summarize:
on samba ad 4.7.x in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only"
fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it.
with those settings ntlmv1 is blocked
2007 Dec 11
1
ntlm_auth only supports ntlmv1 and not ntlmv2 ?
Hello,
i set up a squid proxy that should authenticate users against a samba PDC using winbind.
It works fine as long i allow ntlmv1:
on the PDC:
ntlm auth = yes
lanman auth = no
client ntlmv2 auth = yes
If i restrict the domains authentication method to ntlmv2 - that's what i want - with these settings:
ntlm auth = no
lanman auth = no
client
2013 Apr 20
1
NT MD4 password encryption question
Are there multiple ways that Windows clients encrypt passwords? I'm seeing
different behavior between two clients.
On one, I can access a Samba share just fine. On the other, using the same
username and password to access the same share, I get "incorrect password."
Looking for the difference in Samba debug traces, I find it comes down to
this:
smb_password_ok: Checking SMB
2019 Nov 06
2
NTLM refuses to work on a DC
Hi there,
I'm trying to get FreeRADIUS to authenticate against my Samba DC. It's
Samba 4.7.6-ubuntu running on Ubuntu 18 (kernel version
4.15.0-66-generic). It came nicely packaged with Zentyal, which provides
a nice GUI for managing a domain, as well as a CA and lots of cool small
features. That same Zentyal also includes support for FreeRADIUS (3.0.16).
This is my smb.conf:
2018 Aug 20
6
Can't connect after Ubuntu 18.04.1 Upgrade???
I have a server which we use for backing up files.
Noticed there was an upgrade available to 18.04.1.
Now I cannot connect to from my win7 machine to the Ubuntu share.
Any thoughts on what would have changed???
Tom
2024 Jan 27
1
ntlm_auth not returning "STATUS_OK"
On 27-01-2024 11:56, Rowland Penny via samba wrote:
> On Fri, 26 Jan 2024 22:22:49 -0500
> Mark Foley via samba<samba at lists.samba.org> wrote:
>
>> On Wed Jan 24 05:03:25 2024 Rowland Penny via samba
>> <samba at lists.samba.org> wrote:
>>> On Tue, 23 Jan 2024 17:07:35 -0500
>>> Mark Foley via samba<samba at lists.samba.org> wrote:
2017 Jun 08
4
ntlm_auth and SMBv2/v3
hai,
Please keep it mailing to the list, this way is shows up of others also.
A workaround for disabling SMBv1, you can make your server less secure but thats not what i would do.
Setting these to enable NTLM v1 again.
lanman auth = yes
ntlm auth = yes
raw NTLMv2 auth = yes
I think also this is more a question for the free raduis list, but i would to for a ldap(s) setup.
just dont mixup
2017 Oct 02
2
"lanman auth" question
Hi All,
Server:
Fedora 26
samba-4.6.8-0.fc26.x86_64
Workstations (5 of them):
XP Pro SP3
I set all five of my customer XP workstations to
Send NTLMv2 response only\\refuse LM and NTLM
and turned off (smb.conf)
lanman auth = yes
ntlm auth = yes
And had to turn it right back on as the customer's
Xerox Workcentre 3550 multifunction printer scanner
requires it
What are
2001 Nov 03
5
libnss-ldap vs winbind?
I set up winbind on one box successfully. Now a friend told me
that it might be better to use ActiveDirectoriy (the PDC and all
other servers are win2000). What is the difference in both
approaches? which is 'better'?
I feel that ldap is the more general and cleaner solution. Is
that true? My windows-admins will get rid of wins soon. does
winbind rely on wins? can libnss-ldap also create