Re: [Samba] freeradius + NTLM + samba AD 4.5.x
- Date: Mon, 26 Mar 2018 21:16:00 +0100
- From: Jonathan Hunter via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] freeradius + NTLM + samba AD 4.5.x
On 26 March 2018 at 14:31, Kacper Wirski via samba <samba@xxxxxxxxxxxxxxx>
> Also I just facepalmed, as I double checked smb.conf right after sending
> mail, and in samba 4.7 there are new options available for "ntlm auth", as
> stated in docs:
> |mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises
> that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool).
> I'll test it out later today and give some feedback if needed.
I tried exactly this a few days ago, and couldn't get it working.
Admittedly, I didn't spend too long on it, but I changed 'ntlm auth = yes'
to 'ntlm auth = mschapv2-and-ntlmv2-only' but freeradius then didn't
Do let me know how it goes for you, I also thought that this setting would
be much better for me..
Alternatively.. if there is a way of setting 'ntlm auth' on a per-IP basis,
then I could only enable it for the freeradius server. I wonder if I can
add 'include = /usr/local/samba/etc/smb.conf.%I' and then include 'ntlm
auth = yes' in a smb.conf just for the freeradius server.. I will report
"If we knew what it was we were doing, it would not be called research,
- Albert Einstein
To unsubscribe from this list go to the following URL and read the