New MS Logon - only NTLM possible

[MatthiasCybot]

Hello,

in our environment, NTLM is blocked due to security risks.

Might there be a possibility to allow Kerberos Authentication, LDAP or others?

Many thanks for your comments in advance.

Every feedback will be highly appreciated.

Best Regards

Matthias

[RudiDeVos]

In the code i can see that ldap is still in it, i don't use it myself and untested for a while. It's part of the old MSlogon method (old). If ad is found the user is checked if he belong to group xxx make sure ldapauth.dll is in the same folder as winvnc.exe

[MatthiasCybot]

Hi RudiDeVos,

Many thanks for your quick answer.

Unfortunately, we have the issue that we have a transition phase from one domain to another.

The MSLogon Old method is working fine with ldap but limited to the domain where the clients belong to.

Due to an incomplete trust, the users in the new domain can't be member in the groups in old domain, only in new domain.

Therefore I'd like to use the MSLogon new as this provides the option to use multiple domains.

Is there any option to use MSLogon new based on ldap?

Many thanks for your reply in advance.

Best regards

Matthias

[Neustradamus]

@RudiDeVos: Have you seen latest @MatthiasCybot comment?

[RudiDeVos]

MSlogon 2 put a acl security on a registry entry and then check if the user has access to this key. I don't have a ldap domain to test and it's not something i can setup in 5 minutes.
When i find a lot of time... sorry