mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
0b500d413c
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which was discussed in 2012, but was never implemented).

It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.

It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).

After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).

    $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
    Logon failure (0xc000006d)

    $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
    NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694

Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

||
---|---|---|
.. | ||
libwbclient | ||
tests | ||
nsstest.c | ||
nsstest.h | ||
pam_winbind.c | ||
pam_winbind.h | ||
wb_common.c | ||
wb_reqtrans.c | ||
wb_reqtrans.h | ||
wbinfo.c | ||
winbind_client.h | ||
winbind_krb5_locator.c | ||
winbind_nss_aix.c | ||
winbind_nss_config.h | ||
winbind_nss_freebsd.c | ||
winbind_nss_hpux.h | ||
winbind_nss_irix.c | ||
winbind_nss_irix.h | ||
winbind_nss_linux.c | ||
winbind_nss_linux.h | ||
winbind_nss_netbsd.c | ||
winbind_nss_netbsd.h | ||
winbind_nss_solaris.c | ||
winbind_nss_solaris.h | ||
winbind_nss.h | ||
winbind_struct_protocol.h | ||
wins_freebsd.c | ||
wins.c | ||
wscript_build | ||
wscript_configure |