RE: aquarela I think the problem is in my setup of interfaces and stacks on the CPU/Auth server; I've been unable to yet properly setup the two interfaces - local and external - of the CPU/Auth server to play in conjunction with each other. So it's possible that it's trying to connect to the auth server on the internal IP, which is unreachable once I bind the external stack over the internal stack in /net. I'm not sure what the fix is...
On Thu, Jul 22, 2010 at 1:50 AM, Steve Simon <st...@quintile.net> wrote: >> smbnegotiate: 'NT LM 0.12' >> smbnegotiate: couldn't get mschap challenge >> reply: error 2/1 > > Re: aquarela > > I don't use aquarela these days, but I think the problem is > to do with aquarela being unable to contact keyfs. > > aquarela must be started on your server after keyfs, I run it > on my work terminal/fs/auth/cpu all-in-one server and it is > envoked in /cfg/$sysname/termrc after keyfs (starting keyfs > and aquarela in termrc is very unusual but as I said I have > an all in one box). > > check how it is started. > > RE cifs > > BTW, I am interested if you have problems with cifs. > > I know there a bug in the default ntlmv2 auth when working with Vista > (and probably windows 7 too), but if you fall back to less secure > auth on the wire (e.g. by adding -a ntlm to the cifs command line) > then it works. > > Windows auth is a mess, and kerberos with asn.1 is ugly. > > -Steve > >