How to setup Freeradius in a Domain
jmeiring at pcservices.co.za
Thu Jul 14 09:45:30 CEST 2011
On 2011/07/13 06:51 PM, Phil Mayers wrote:
> If you are using Samba as your domain controllers, then you have access to
> the SAM and can extract the LM/NT hash from whatever backend you use.
> So you can just feed that info straight to FreeRADIUS. No need to use
> ntlm_auth / samba membership - just dump the NT hashes somewhere FreeRADIUS
> can get at them, or if you're using LDAP, point FreeRADIUS at that LDAP
> server and make sure it can read the ntPassword attribute.
> This is preferable to using ntlm_auth in fact.
So the ntlm_auth "hack" is just because a Microsoft Domain Controller/LDAP
refuses to share the ntPassword attribute with anyone that does not look
Hopefully Samba4 changes that as it should have a copy of the AD database!
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:
More information about the Freeradius-Users