ntlm_auth - No logon workstation trust account

Phil Mayers p.mayers at imperial.ac.uk
Fri Oct 19 19:20:22 CEST 2012


Bryce Mackintosh <brycedrm at gmail.com> wrote:

>The problem isn't specific to one machine - All the machines I test
>cause
>the same ntlm_auth result. They are all correctly joined to the domain.
>
>
>On 19 October 2012 13:28, Chitrang Srivastava
><chitrang.srivastava at gmail.com
>> wrote:
>
>> Did the machine joined the AD domain before ntlm_auth (use net join
>to do
>> that ).
>>
>>
>> On Fri, Oct 19, 2012 at 1:49 PM, Bryce Mackintosh
><brycedrm at gmail.com>wrote:
>>
>>> Hi,
>>>
>>> I've been trying to get machine auth working for a good while and
>I'm
>>> currently stuck trying to figure out why ntlm_auth is returning "No
>logon
>>> workstation trust account (0xc0000199)". I've double checked AD and
>the
>>> account definitely exists, and the machine has no problem logging
>into the
>>> domain. User auth works fine.
>>>
>>> Here's an example command:
>>>
>>>     /usr/bin/ntlm_auth --request-nt-key --username=NOLP3003$
>--domain=FOO
>>> --challenge=4a8904ffb0ba86d2
>>> --nt-response=7ab480ea0a0754603629da316c9911935ff3c92daffcc621
>>>     No logon workstation trust account (0xc0000199)
>>>
>>> ntlm_auth is version 3.6.1-34.3.1-2691-SUSE-SL12.1-x86_64
>>>
>>> Does anyone have any suggestions? I realise that this isn't really a
>>> Freeradius issue, but I'm hoping someone here has come across this
>before.
>>>
>>> Thanks in advance,
>>>
>>> Bryce
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>------------------------------------------------------------------------
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

There was an issue with earlier versions of samba not setting a particular flag on the rpc, so machine auth always failed. But that was a long time ago.

Is there some domain policy preventing it?
-- 
Sent from my phone. Please excuse brevity and typos.


More information about the Freeradius-Users mailing list