mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
0b500d413c
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented). It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2. It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected). After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected). $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= Logon failure (0xc000006d) $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2 NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694 Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl> Reviewed-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> |
||
|---|---|---|
| .. | ||
| cifsdd.8.xml | ||
| dbwrap_tool.1.xml | ||
| eventlogadm.8.xml | ||
| findsmb.1.xml | ||
| idmap_ad.8.xml | ||
| idmap_autorid.8.xml | ||
| idmap_hash.8.xml | ||
| idmap_ldap.8.xml | ||
| idmap_nss.8.xml | ||
| idmap_rfc2307.8.xml | ||
| idmap_rid.8.xml | ||
| idmap_script.8.xml | ||
| idmap_tdb2.8.xml | ||
| idmap_tdb.8.xml | ||
| libsmbclient.7.xml | ||
| lmhosts.5.xml | ||
| log2pcap.1.xml | ||
| net.8.xml | ||
| nmbd.8.xml | ||
| nmblookup.1.xml | ||
| ntlm_auth.1.xml | ||
| pam_winbind.8.xml | ||
| pam_winbind.conf.5.xml | ||
| pdbedit.8.xml | ||
| profiles.1.xml | ||
| rpcclient.1.xml | ||
| samba-regedit.8.xml | ||
| samba-tool.8.xml | ||
| samba.7.xml | ||
| samba.8.xml | ||
| sharesec.1.xml | ||
| smb.conf.5.xml | ||
| smbcacls.1.xml | ||
| smbclient.1.xml | ||
| smbcontrol.1.xml | ||
| smbcquotas.1.xml | ||
| smbd.8.xml | ||
| smbget.1.xml | ||
| smbgetrc.5.xml | ||
| smbpasswd.5.xml | ||
| smbpasswd.8.xml | ||
| smbspool_krb5_wrapper.8.xml | ||
| smbspool.8.xml | ||
| smbstatus.1.xml | ||
| smbtar.1.xml | ||
| smbtree.1.xml | ||
| testparm.1.xml | ||
| vfs_acl_tdb.8.xml | ||
| vfs_acl_xattr.8.xml | ||
| vfs_aio_fork.8.xml | ||
| vfs_aio_linux.8.xml | ||
| vfs_aio_pthread.8.xml | ||
| vfs_audit.8.xml | ||
| vfs_btrfs.8.xml | ||
| vfs_cacheprime.8.xml | ||
| vfs_cap.8.xml | ||
| vfs_catia.8.xml | ||
| vfs_ceph.8.xml | ||
| vfs_commit.8.xml | ||
| vfs_crossrename.8.xml | ||
| vfs_default_quota.8.xml | ||
| vfs_dirsort.8.xml | ||
| vfs_extd_audit.8.xml | ||
| vfs_fake_perms.8.xml | ||
| vfs_fileid.8.xml | ||
| vfs_fruit.8.xml | ||
| vfs_full_audit.8.xml | ||
| vfs_glusterfs.8.xml | ||
| vfs_gpfs.8.xml | ||
| vfs_linux_xfs_sgid.8.xml | ||
| vfs_media_harmony.8.xml | ||
| vfs_netatalk.8.xml | ||
| vfs_offline.8.xml | ||
| vfs_prealloc.8.xml | ||
| vfs_preopen.8.xml | ||
| vfs_readahead.8.xml | ||
| vfs_readonly.8.xml | ||
| vfs_recycle.8.xml | ||
| vfs_shadow_copy2.8.xml | ||
| vfs_shadow_copy.8.xml | ||
| vfs_shell_snap.8.xml | ||
| vfs_snapper.8.xml | ||
| vfs_streams_depot.8.xml | ||
| vfs_streams_xattr.8.xml | ||
| vfs_syncops.8.xml | ||
| vfs_time_audit.8.xml | ||
| vfs_tsmsm.8.xml | ||
| vfs_unityed_media.8.xml | ||
| vfs_worm.8.xml | ||
| vfs_xattr_tdb.8.xml | ||
| vfs_zfsacl.8.xml | ||
| vfstest.1.xml | ||
| wbinfo.1.xml | ||
| winbind_krb5_locator.7.xml | ||
| winbindd.8.xml | ||