Re: [EXTERNAL] Re: Can ntlm_auth version 3.5.10 be used to perform ntlmv2 authentication against a w2008 DC?




On Tue, 2012-03-06 at 19:52 -0700, Glenn Machin wrote:
> Well, I cannot provide proof that the Microsoft radius server is
> setting the bit. However, setting the MSV1_0_ALLOW_MSVCHAPV2 bit in
> the request.data.auth_crap.logon_parameters of the
> contact_winbind_auth_crap() function fixes the issue with ntlm_auth
> not being able to authenticate mschapv2 to a W2008 DC where the
> LMCompatibility level is set to 5 => "Clients use only NTLMv2
> authentication, and they use NTLMv2 session security if the server
> supports it. Domain controller refuses LM and NTLM authentication
> responses, but it accepts NTLMv2".
> 
> ntlm_auth.c:
>         request.data.auth_crap.logon_parameters =
>         MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
>         MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_MSVCHAPV2 ;

Thanks.  I'll try and sort this out, and check if NTLM2 session security
(NTLMSSP) also sets this.  Shouldn't be too hard with a Windows member
of Samba4.

I'm sorry this has taken so many years. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
