On 2011/07/13 06:51 PM, Phil Mayers wrote:
If you are using Samba as your domain controllers, then you have access to the SAM and can extract the LM/NT hash from whatever backend you use.
So you can just feed that info straight to FreeRADIUS. No need to use ntlm_auth / samba membership - just dump the NT hashes somewhere FreeRADIUS can get at them, or if you're using LDAP, point FreeRADIUS at that LDAP server and make sure it can read the ntPassword attribute.
This is preferable to using ntlm_auth in fact.
OK... So the ntlm_auth "hack" is just because a Microsoft Domain Controller/LDAP refuses to share the ntPassword attribute with anyone that does not look like Microsoft? Hopefully Samba4 changes that as it should have a copy of the AD database! Thanks! -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 -------------------- Before acting on this email or opening any attachments you should read Cape PC Service's email disclaimer at: http://www.pcservices.co.za/disclaimer.html