hi, I've been having the same problem here with ntlm_auth and NTLMv2 except that in my case I'm trying to get a radius server to authenticate against our AD server.
Our desktop services team have configured their end to only accept NTLMv2. The radius server expects the linux box to be a member of the AD domain and then uses ntlm_auth as shown in the log snippet below. You always get a wrong password error message irrespective of whether the user exists or not. I am using the Red Hat version of samba as supplied in RHEL V4.0 (Samba version 3.0.10-1.4E.2) The program uses /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 if I use ntlm-auth --username=xxx --password=yyy --domain=a.b.c.d then everything works just fine. in a previous message Andrew said that ntlm_auth requires use_ntlm_negotiate on set up in squid.conf Given that I seem to have the same problem is there any general smb.conf param i can set to configure the equivalent functionality? My smb.conf file has [global] workgroup = ADIR security = domain password server = 150.237.54.198 realm = ADIR.HULL.AC.UK preferred master = no server string = Hull Comms support server security = ADS use spnego = yes encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 winbind separator = + bind interfaces only =yes interfaces =150.237.47.22 127.0.0.1 client NTLMv2 auth=yes # ldap ssl = start_tls TIA alex Tue Mar 7 11:16:39 2006: DEBUG: Handling request with Handler 'ConvertedFromEAPMSCHAPV2=1' Tue Mar 7 11:16:39 2006: DEBUG: Handling with Radius::AuthNTLM: Tue Mar 7 11:16:39 2006: DEBUG: Radius::AuthNTLM looks for match with fred [fred] Tue Mar 7 11:16:39 2006: INFO: Starting NtlmAuthProg: /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Request-User-Session-Key: Yes Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Request-LanMan-Session-Key: Yes Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute LANMAN-Challenge: c5b8a3ec1c76b78d Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Response: b2f40e83aab003b7e7d0c0e36b7d5b1a5652b49f5da06026 Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Domain:: QURJUi5IVUxMLkFDLlVL Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Username:: ZnJlZA== Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: Authenticated: No Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: Authentication-Error: Wrong Password Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: . Tue Mar 7 11:16:39 2006: WARNING: NTLM Could not authenticate user: Wrong Password Tue Mar 7 11:16:39 2006: DEBUG: Radius::AuthNTLM REJECT: AuthBy NTLM Password check failed: fred [fred] Tue Mar 7 11:16:39 2006: DEBUG: AuthBy NTLM result: REJECT, AuthBy NTLM Password check failed Tue Mar 7 11:16:39 2006: DEBUG: calling_station_hook:Access-Request called Tue Mar 7 11:16:39 2006: DEBUG: calling_station_hook:exited Tue Mar 7 11:16:39 2006: INFO: Access rejected for fred: AuthBy NTLM Password check failed Tue Mar 7 11:16:39 2006: DEBUG: Converted EAP-MSCHAPV2 response Packet dump: -- View this message in context: http://www.nabble.com/Urgent-Samba-Squid-NTLM-Auth-Problems-t507168.html#a3297403 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba