problems getting ntlm_auth working.

L.P.H. van Belle belle at
Thu Aug 29 15:36:29 CEST 2019

Hai Alan, 

Thank you for you quick reply. 
I was already waiting for this responce of you. 
As i said..  Winbind auth/samba works..
I can do any test from CLI all work. 

ntlm_auth --request-nt-key --domain=NTDOM --username=username  --password='somepass'
NT_STATUS_OK: The operation completed successfully. (0x0)
ntlm_auth --mschap --request-nt-key --domain=NTDOM --username=username  --password='somepass'
NT_STATUS_OK: The operation completed successfully. (0x0)

wbinfo -a username%'somepass'
plaintext password authentication succeeded
challenge/response password authentication succeeded

I reported so much because i already notice more of these responces of you.. 
And im really sure my base setup is correct. 

> > (0) mschap: ERROR: Program returned code (1) and output 
> 'The attempted logon is invalid. This is either due to a bad 
> username or authentication information. (0xc000006d)'
>   That's pretty clear.  Samba is rejecting the request.  
> Maybe Samba is still refusing to allow ntlm_auth.  

No it is not, see above. 

>   There isn't much you can do to FreeRADIUS to fix this 
> issue.  Use the debug output above to run the "ntlm_auth" 
> program from the command line yourself.  Samba shouldn't care 
> about repeated authentication attempts which use the same 
> MS-CHAP magic hex strings.
>   Keep running ntlm_auth with the MS-CHAP strings, and poking 
> Samba until ntlm_auth succeeds.  At that point, FreeRADIUS 
> will work, too.

As shown, it does not. 
This is why im mailing to the list, yes, i know you get lots of these "failures" 
But im also a samba dev and i support the samba list and i know my samba setup works as it should. 

If my squid proxy uses ntlm_auth it works fine. 
So why not in freeradius.. We are missing something here really. 

So please, have a better look, or tell me more where to look. 



More information about the Freeradius-Users mailing list