Bug 12252 - [PATCH] "ntlm_auth --enable-mschapv2" is broken
[PATCH] "ntlm_auth --enable-mschapv2" is broken
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
4.5.0rc3
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-09-10 19:22 UTC by Mantas M.
Modified: 2016-09-10 22:44 UTC (History)
1 user (show)

See Also:


Attachments
patch (1.26 KB, patch)
2016-09-10 19:22 UTC, Mantas M.
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Mantas M. 2016-09-10 19:22:59 UTC
Created attachment 12456 [details]
patch

As mentioned in the release notes, Samba 4.5.0 disables 'ntlm auth' by default, which breaks MSCHAPv2 auth. I was looking for a way to fix MSCHAPv2 without having to globally re-enable NTLMv1.

Commit 0b500d413c5b76188c0c566318be7079b777237c adds `ntlm_auth --allow-mschapv2` for client-side support for MSV1_0_ALLOW_MSVCHAPV2, but doesn't implement the server side. (It seems this was mainly for authenticating against real Windows servers?)

Attached is my first (working) attempt to implement handling of this flag.