CHAP and any other variant won't work because the password does not fly across the internet; CHAP uses a hash to one-way encrypt the password and sends that to the server. Because the server has a hash also (not the same algorithm), it fails. If you want to use CHAP you must use clear-text passwords on the server (no hashes), but it's a security issue.

On Tuesday 28 November 2006 15:52, Sebastien wrote:
> Hello,
>
> I'm trying to authenticate PPP (in fact l2tp...) users with Active
> Directory (windows server 2003 DCs, mixed-mode domain) using winbind /
> ntlm_auth. I'm using Samba 3.0.22, PPP 2.4.3, Kerberos 1.3.6, with
> Trustix 2.2
>
> What works :
> - krb5kinit (and krb5klist -e)
> - net ads join
> - wbinfo -u, wbinfo -g, wbinfo -a user%pwd, wbinfo -p, wbinfo -t and
> wbinfo -m
> - getent passwd and getent group
> - ntlm_auth --username=user --domain=domain.x.y
> - ntlm_auth --username=user --domain=domain.x.y --request-lm-key
> - ntlm_auth --username=user --domain=domain.x.y --request-nt-key
> - authentication through ppp (mschap-v2 with chap-secrets)
>
> What is not working :
> - ntlm_auth --username=user --domain=domain.x.y --diagnostics (and every
> other variation...)
> - authentication through ppp (mschap-v2 with winbind plugin)
>
> I verified the paths to ntlm_auth in the options.l2tpd file, and it's
> ok. In the logs, it only says that the host failed CHAP authentication.
> The error code for ntlm_auth is 6A (wrong password)
>
> Anyone has an idea?
> Thanks in advance!
>
> Sebastien
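
An added example, not part of the original messages: plain CHAP as defined in RFC 1994 (not MS-CHAPv2), showing that the server can only check a response if it holds the same secret the client hashed, and that a server keeping a different one-way hash of the password cannot reproduce it. The password, identifier and the SHA-256 storage format are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_with_cleartext(identifier: int, stored_secret: bytes,
                          challenge: bytes, response: bytes) -> bool:
    # Server has the cleartext secret (e.g. a chap-secrets style file),
    # so it can recompute exactly what the client computed.
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def verify_with_stored_hash(identifier: int, stored_hash: bytes,
                            challenge: bytes, response: bytes) -> bool:
    # Server only has a one-way hash of the password (assumed SHA-256 here).
    # The best it can do is use that hash as the CHAP secret, which does not
    # match the client's computation over the real password.
    expected = chap_response(identifier, stored_hash, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> tuple[bool, bool]:
    password = b"constructed-sample-password"   # constructed sample value
    identifier = 0x2A                           # constructed CHAP identifier
    challenge = os.urandom(16)                  # fresh server challenge

    # Client side: only the MD5 response crosses the link, never the password.
    response = chap_response(identifier, password, challenge)

    # Server side, two storage models.
    stored_hash = hashlib.sha256(password).digest()
    return (
        verify_with_cleartext(identifier, password, challenge, response),
        verify_with_stored_hash(identifier, stored_hash, challenge, response),
    )


if __name__ == "__main__":
    ok_cleartext, ok_hashed = demo()
    print("cleartext secret on server:", ok_cleartext)
    print("hash-only storage on server:", ok_hashed)
```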
