Sorry to pester u Alan :P Does mschapv2 also support ntlm_auth ? and now that I understand your tables (well I think) I should be able to persuade my employer to use ntlm and firewall the the samba ports. On 4/23/07, Alan DeKok <aland@deployingradius.com> wrote:
Jacob Jarick wrote:
Is it true that the only way to authenticate against active directory is using ntlm_auth ?
For ms-chap, yes.
I have been specifically asked not to use the ntlm_auth method against AD out of security cocerns from having samba installed. I cant see the risk of having samba installed myself if no directorys are being shared (please correct me if Im wrong).
Yes. You can also put firewall rules in place to block any traffic to the Samba machine.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html