# winbind_username = "%{mschap:User-Name}"
# winbind_domain = "%{mschap:NT-Domain}"
- # When using the winbind daemon directly, it is possible to
- # force accepting MSCHAPv2 authentication. This makes it
- # possible to authenticate to an Active Directory that uses
- # the local security policy 'Network Security: LAN Manager
- # authentication level' setting was changed to 'Send NTLMv2
- # Response Only. Refuse LM & NTLM'
-# winbind_allow_mschapv2 = no
-
#
# Information for the winbind connection pool. The configuration
# items below are the same for all modules which use the new
memcpy(authparams.password.response.challenge, challenge,
sizeof(authparams.password.response.challenge));
- if (inst->winbind_allow_mschapv2)
- authparams.parameter_control |= WBC_MSV1_0_ALLOW_MSVCHAPV2;
+ authparams.parameter_control |= WBC_MSV1_0_ALLOW_MSVCHAPV2;
/*
{ "retry_msg", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_mschap_t, retry_msg), NULL },
{ "winbind_username", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_username), NULL },
{ "winbind_domain", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_domain), NULL },
- { "winbind_allow_mschapv2", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, winbind_allow_mschapv2), "no" },
#ifdef __APPLE__
{ "use_open_directory", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, open_directory), "yes" },
#endif
vp_tmpl_t *wb_username;
vp_tmpl_t *wb_domain;
fr_connection_pool_t *wb_pool;
- bool winbind_allow_mschapv2;
#ifdef __APPLE__
bool open_directory;
#endif