Re: [EXTERNAL] Re: Can ntlm_auth version 3.5.10 be used to perform ntlmv2 authentication against a w2008 DC?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On Tue, 2012-03-06 at 19:52 -0700, Glenn Machin wrote:
> Well I cannot provide proof that the Microsoft radius server is
> setting the bit. However  setting the MSV1_0_ALLOW_MSVCHAPV2 bit in
> the of the
> contact_winbind_auth_crap() function  fixes the issue with ntlm_auth
> not being able to authenticate mschapv2 to a W2008 DC where the
> LMCompatibility level is set to 5 => " Clients use only NTLMv2
> authentication, and they use NTLMv2 session security if the server
> supports it. Domain controller refuses LM and NTLM authentication
> responses, but it accepts NTLMv2".
> ntlm_auth.c:
> =

Thanks.  I'll try and sort this out, and check if NTLM2 session security
(NTLMSSP) also sets this.  Shouldn't be too hard with a Windows member
of Samba4.

I'm sorry this has taken so many years. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

To unsubscribe from this list go to the following URL and read the

[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux