On Thu, 2006-11-30 at 19:17 -0500, Sebastien wrote: > Luis Daniel Lucio Quiroz a écrit : > > CHAP and any other varian wont work because password does not fly accross > > internet, CHAP use a hash to crypt one way password and sends that to > > server. > > Because server have a hash also (no same algorithm) it fails. If you want > > to > > use chap you must use clear text passwords on server (no hashes) but its a > > securrity issue > > Thanks for your response Luis! > At least, now I'm aware that there's no solution!
(just a late correction for the archives...) Indeed, for the original CHAP there isn't a solution, but for MSCHAP, this is meant to work, that is the point of the plugin (the AD server holds the magic values, the hashes, required). What user are you running ntlm_auth as? Can it access the winbindd privilaged pipe? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
