On 8.9.2023 0.55, Ullfig, Roberto Alfredo via radiator wrote:
> This is what the process looks like:
>
> /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>
> so we're using NTLM v1 correct? Is that the proper way to run ntlm_auth?

That is a proper way to run ntlm_auth. What you could do is to add a
flag to ntlm_auth parameters. The flag is: --allow-mschapv2

With this flag it's still possible to use MSCHAP based authentication
methods even if older authentication methods are otherwise disabled on
the Windows server. For more information, see this:
https://files.radiatorsoftware.com/radiator/ref/AuthByNTLM.html#Domain_AuthByNTLM-3

My understanding is that MSCHAP and MSCHAPv2 always require NTLM v1.

Parameter --helper-protocol=ntlm-server-1 sets the method Radiator and
ntlm_auth communicate with each other. It determines how the information
is formatted between the two and it does not set the NTLM version. For
more, see here:
https://www.samba.org/samba/docs/current/man-html/ntlm_auth.1.html

Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
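
The line framing that --helper-protocol=ntlm-server-1 selects, as described in the ntlm_auth man page linked in the message above, shown as an added example that is not part of the original message and is not Radiator or Samba code. The helper names (build_request, parse_reply, is_authenticated) are hypothetical and all sample values are constructed; note that no field in the framing names an NTLM version.

```python
import base64

def build_request(fields):
    """Serialise parameters as 'Name: value' lines closed by a lone '.'.

    Values that are not plain printable ASCII are sent in the
    'Name:: base64' form (UTF-8 before encoding is an assumption here).
    """
    lines = []
    for name, value in fields.items():
        if value.isascii() and value.isprintable() and value == value.strip():
            lines.append(f"{name}: {value}")
        else:
            encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
            lines.append(f"{name}:: {encoded}")
    return "\n".join(lines) + "\n.\n"

def parse_reply(text):
    """Parse one side's lines up to the terminating '.' into a dict."""
    reply = {}
    for line in text.splitlines():
        if line == ".":
            return reply
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        if value.startswith(":"):  # 'Name:: base64value'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        reply[name.strip()] = value.strip()
    raise ValueError("reply not terminated by '.'")

def is_authenticated(reply):
    """Fail closed: only an explicit 'Authenticated: Yes' counts."""
    return reply.get("Authenticated") == "Yes"

# Constructed sample request: the challenge and response travel as hex fields.
SAMPLE_REQUEST = build_request({
    "Username": "alice",
    "NT-Domain": "EXAMPLE",
    "LANMAN-Challenge": "0011223344556677",  # 8 bytes, hex
    "NT-Response": "00" * 24,                # 24 bytes, hex
    "Request-User-Session-Key": "Yes",
})
# Constructed sample reply; real error text comes from the domain controller.
SAMPLE_REPLY = "Authenticated: No\nAuthentication-Error: Logon failure\n.\n"

if __name__ == "__main__":
    print(SAMPLE_REQUEST, end="")
    print(is_authenticated(parse_reply(SAMPLE_REPLY)))
```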