On Tue, 2007-12-11 at 11:02 +0100, Oliver Poths wrote: > Hello, > > i set up a squid proxy that should authenticate users against a samba PDC > using winbind. > It works fine as long i allow ntlmv1: > on the PDC: > ntlm auth = yes > lanman auth = no > client ntlmv2 auth = yes > > > If i restrict the domains authentication method to ntlmv2 - that's what i > want - with these settings: > > ntlm auth = no > lanman auth = no > client ntlmv2 auth = yes > > i get this error in the logs: > ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user willi > [2007/11/19 19:41:09, 3] libsmb/ntlm_check.c:ntlm_password_check(356) > ntlm_password_check: NEITHER LanMan nor NT password supplied for user > willi > > The proxy denies access of course. > > So is this a limitation of ntlm_auth ? > Is it somehow possible to get ntlmv2 working ? > The used Version is winbind package from debian etch 3.0.24-6etch8.
ntlm_auth, squid and winbind are all proxies in this game. The client is in fact the workstation where the request originates, and this must be forced to send NTLMv2 only. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
