--===============0284927924==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=-YgFhLv4bDDl/g46txacu"


--=-YgFhLv4bDDl/g46txacu
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 2006-03-10 at 11:10 -0800, Raj Talwar wrote:
> Is it possible to use NTLMv2 with MSCHAPv2 (using ntlm_auth and winbindd)=
.. What do I need to put in the smb.conf to make this work.=20

MSCHAPv2 is encryption compatible with NTLM, not NTLMv2. (It simply
changes how the 8-byte LM challenge is prepared, and removes the LM
response).

The client cannot (while sending a valid MSCHAPv2 response) us the
NTLMv2 crypto.

However, if as I suspect the issue regards the policy settings which
appear to allow MSCHAPv2 from a windows RADIUS server, but not a Samba
ntlm_auth/winbind server, to a domain allowing only NTLMv2
authentication, then I remain stumped. See my mail earlier today.

Andrew Bartlett

--=20
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net

--=-YgFhLv4bDDl/g46txacu
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQBEEeuEz4A8Wyi0NrsRAnE5AJ0aG8pk5euWcovjY/v6+lwM5YbkpACfVqte
1WutQP+35anPU05JRA2uqS0=
=7WQB
-----END PGP SIGNATURE-----

--=-YgFhLv4bDDl/g46txacu--


--===============0284927924==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--===============0284927924==--