ntlm_auth authentication against multiple ADS domains

Phil Mayers p.mayers at imperial.ac.uk
Fri Feb 9 12:16:45 CET 2007

Dow, Corey wrote:
> Ntlm_auth --request-nt-key --DOMAIN=XYZ --username=jdoe

This has been mentioned a few times in the archives, I believe without 
resolution. I'm not certain it works without some level of fiddling - 
it's been a while and my samba/ntdom/kerb skills are two years rusty, 
but I can envisage needing to enable permissions.

Specifically the ntlm_auth helper executes an MS-RPC against the DC. 
You'll need to both authenticate to the DC in the other domain *and* 
have permissions to execute that RPC.

You might ask on the Samba mailing list - they'll have more familiarity 
with the vagaries of the NT domain protocols and trusts. Do please let 
us know if you do and get an answer.


Interesting. If you wireshark at the same time, what can you see Samba doing?
