On Thu, 2006-03-09 at 16:48 +0000, Alex Sharaz wrote: > Chaps, > > I'm trying to get a radius server to authenticate to AD via the samba > ntlm_auth program.
> If we turn down the AD auth to use ntlm then authentication works o.k. The problem is that MSCHAPv2 is cryptographically equivalent to NTLM, not NTLMv2 at the DC end. I suspect there is a flag we need to send to the DC, to make it ignore it's own policy here. Any help chasing this down gratefully appreciated: Mostly I need to see how an MS RADIUS server would achieve the same results, but with 'secure channel: require signing' set, rather than sealing (it is a local/domain policy). (This will allow the collection of an ethereal trace between the RADIUS server and the DC). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba