ntlm_auth authentication against multiple ADS domains
p.mayers at imperial.ac.uk
Fri Feb 9 12:16:45 CET 2007
Dow, Corey wrote:
> Ntlm_auth --request-nt-key --DOMAIN=XYZ --username=jdoe
This has been mentioned a few times in the archives, I believe without
resolution. I'm not certain it works without some level of fiddling -
it's been a while and my samba/ntdom/kerb skills are two years rusty,
but I can envisage needing to enable permissions.
Specifically the ntlm_auth helper executes an MS-RPC against the DC.
You'll need to both authenticate to the DC in the other domain *and*
have permissions to execute that RPC.
You might ask on the Samba mailing list - they'll have more familiarity
with the vagaries of the NT domain protocols and trusts. Do please let
us know if you do and get an answer.
> But I get an NT_STATUS_IO_TIMEOUT.
Interesting. If you wireshark at the same time, what you can Samba doing?
More information about the Freeradius-Users