winbind vs ntlm_auth

3@D4rkn3ss DuMb 32d4rkn3ss at gmail.com
Tue Jun 14 18:33:53 CEST 2016


Thank you Alan! Helped a lot :)

>
> Message: 1
> Date: Mon, 13 Jun 2016 19:22:27 +0300
> From: "3 at D4rkn3ss DuMb" <32d4rkn3ss at gmail.com>
> To: Freeradius-Users at lists.freeradius.org
> Subject: winbind vs ntlm_auth
> Message-ID:
>         <
> CAMDafwCrPp7Ev-rQhX_haS0L_PjGSqVg+LMGZtDiAiCLZkkZwA at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Dear List,
>
> I have a wired 802.1X working setup using the following:
> - PEAPoMSCHAPv2 + Mac verification in MySQL DB for all 802.1X capable
> endpoints.
> - MAB only for all non 802.1X capable endpoints.
>
> but still, I am confused about  the difference a simple ntlm_auth as an
> authentication method used by winbind, and a 'direct' winbind
> authentication (from a freeradius point of view)!
>
> My main concern is here:
> http://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind
>
> and my setup used
>
> http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
>
>
> .. Any explanation would really be appreciated :)
>
> thank you,
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 14 Jun 2016 07:55:42 +0000
> From: A.L.M.Buxey at lboro.ac.uk
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: winbind vs ntlm_auth
> Message-ID: <20160614075542.GA28357 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
> > but still, I am confused about  the difference a simple ntlm_auth as an
> > authentication method used by winbind, and a 'direct' winbind
> > authentication (from a freeradius point of view)!
>
> the old legacy method uses ntlm_auth as an extrenal program to do
> authentication
>
> the native/direct winbind method uses the winbind libraries so that
> authentication is
> done directly by FreeRADIUS, using a winbind connection pool (just like
> SQL,LDAP etc)
> and not calling/spawning an external program.  result is much much faster
> authentications and better scaling.
>
> your FR will need to be latest version compiled against recent SAMBA
> correctly.  unlikely
> that such a packge will come from your distro providers right now
>
> alan
>
>
>
>


More information about the Freeradius-Users mailing list