Hi,
I've been having the same problem here with ntlm_auth and NTLMv2, except that
in my case I'm trying to get a RADIUS server to authenticate against our AD
server.

Our desktop services team have configured their end to only accept NTLMv2.
The RADIUS server expects the Linux box to be a member of the AD domain and
then uses ntlm_auth as shown in the log snippet below. You always get a
wrong password error message irrespective of whether the user exists or not.

I am using the Red Hat version of Samba as supplied in RHEL V4.0

(Samba version 3.0.10-1.4E.2)

The program uses

/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1

If I use ntlm_auth --username=xxx --password=yyy --domain=a.b.c.d

then everything works just fine.

In a previous message Andrew said that ntlm_auth requires
use_ntlm_negotiate on set up in squid.conf.
Given that I seem to have the same problem, is there any general smb.conf
param I can set to configure the equivalent functionality?

My smb.conf file has

[global]
workgroup = ADIR
security = domain
password server = 150.237.54.198
realm = ADIR.HULL.AC.UK
preferred master = no
server string = Hull Comms support server
security = ADS
use spnego = yes
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
bind interfaces only = yes
interfaces = 150.237.47.22 127.0.0.1
client NTLMv2 auth = yes
# ldap ssl = start_tls


TIA
alex


Tue Mar 7 11:16:39 2006: DEBUG: Handling request with Handler 'ConvertedFromEAPMSCHAPV2=1'
Tue Mar 7 11:16:39 2006: DEBUG: Handling with Radius::AuthNTLM:
Tue Mar 7 11:16:39 2006: DEBUG: Radius::AuthNTLM looks for match with fred [fred]
Tue Mar 7 11:16:39 2006: INFO: Starting NtlmAuthProg: /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Request-User-Session-Key: Yes
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Request-LanMan-Session-Key: Yes
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute LANMAN-Challenge: c5b8a3ec1c76b78d
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Response: b2f40e83aab003b7e7d0c0e36b7d5b1a5652b49f5da06026
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Domain:: QURJUi5IVUxMLkFDLlVL
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Username:: ZnJlZA==
Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: Authenticated: No
Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: Authentication-Error: Wrong Password
Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: .
Tue Mar 7 11:16:39 2006: WARNING: NTLM Could not authenticate user: Wrong Password
Tue Mar 7 11:16:39 2006: DEBUG: Radius::AuthNTLM REJECT: AuthBy NTLM Password check failed: fred [fred]
Tue Mar 7 11:16:39 2006: DEBUG: AuthBy NTLM result: REJECT, AuthBy NTLM Password check failed
Tue Mar 7 11:16:39 2006: DEBUG: calling_station_hook:Access-Request called
Tue Mar 7 11:16:39 2006: DEBUG: calling_station_hook:exited
Tue Mar 7 11:16:39 2006: INFO: Access rejected for fred: AuthBy NTLM Password check failed
Tue Mar 7 11:16:39 2006: DEBUG: Converted EAP-MSCHAPV2 response Packet dump:
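
Added example, not part of the original post or of Samba: a short Python parser for the attributes the RADIUS server passed to ntlm_auth in the log above. It decodes the `::` (base64) values and classifies the NT-Response by length: a 24-byte response is the NTLM (v1-format) response that MS-CHAPv2 produces, while NTLMv2 responses are longer. The function names and the classification labels are assumptions made for this illustration.

```python
import base64
import binascii

# Attribute lines rebuilt from the values in the log above, in the
# "Name: value" / "Name:: base64" form of the ntlm-server-1 helper protocol.
SAMPLE = """\
Request-User-Session-Key: Yes
Request-LanMan-Session-Key: Yes
LANMAN-Challenge: c5b8a3ec1c76b78d
NT-Response: b2f40e83aab003b7e7d0c0e36b7d5b1a5652b49f5da06026
NT-Domain:: QURJUi5IVUxMLkFDLlVL
Username:: ZnJlZA==
.
"""

HEX_ATTRS = {"LANMAN-Challenge", "NT-Response"}  # hex-encoded binary values

def parse_request(text):
    """Parse one helper request; a line holding only '.' terminates it."""
    attrs = {}
    for line in text.splitlines():
        line = line.strip()
        if line == ".":
            break
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        if value.startswith(":"):  # "::" means the value is base64-encoded
            value = base64.b64decode(value[1:].strip(), validate=True).decode("utf-8")
        else:
            value = value.strip()
        attrs[name] = binascii.unhexlify(value) if name in HEX_ATTRS else value
    return attrs

def classify_nt_response(resp):
    """Label the response format by length (hypothetical labels)."""
    if len(resp) == 24:
        return "ntlm-v1-format"   # what MS-CHAPv2 / NTLM produce
    if len(resp) > 24:
        return "ntlmv2"           # 16-byte HMAC plus a variable client blob
    return "malformed"

if __name__ == "__main__":
    req = parse_request(SAMPLE)
    print(req["Username"], req["NT-Domain"], classify_nt_response(req["NT-Response"]))
```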
