Hai Alan, Thank you for you quick reply. I was already waiting for this responce of you. As i said.. Winbind auth/samba works.. I can do any test from CLI all work. ntlm_auth --request-nt-key --domain=NTDOM --username=username --password='somepass' NT_STATUS_OK: The operation completed successfully. (0x0) ntlm_auth --mschap --request-nt-key --domain=NTDOM --username=username --password='somepass' NT_STATUS_OK: The operation completed successfully. (0x0) wbinfo -a username%'somepass' plaintext password authentication succeeded challenge/response password authentication succeeded I reported so much because i already notice more of these responces of you.. And im really sure my base setup is correct.
(0) mschap: ERROR: Program returned code (1) and output 'The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)'
That's pretty clear. Samba is rejecting the request. Maybe Samba is still refusing to allow ntlm_auth.
No it is not, see above.
There isn't much you can do to FreeRADIUS to fix this issue. Use the debug output above to run the "ntlm_auth" program from the command line yourself. Samba shouldn't care about repeated authentication attempts which use the same MS-CHAP magic hex strings.
Keep running ntlm_auth with the MS-CHAP strings, and poking Samba until ntlm_auth succeeds. At that point, FreeRADIUS will work, too.
As shown, it does not. This is why im mailing to the list, yes, i know you get lots of these "failures" But im also a samba dev and i support the samba list and i know my samba setup works as it should. If my squid proxy uses ntlm_auth it works fine. So why not in freeradius.. We are missing something here really. So please, have a better look, or tell me more where to look. Greetz, Louis