5 Jan
2017
5 Jan
'17
12:28 p.m.
Hi, There are several documents about how to authenticate MSCHAP requests against Samba 4 / AD. My question is, what's the preferred way to authenticate requests which contain plaintext passwords, i.e. PAP, against S4/AD? rlm_mschap has hooks to talk to ntlm_auth or winbind, but rlm_pap doesn't. It seems to me I could: * use rlm_ldap, and do a bind using the user supplied password * use rlm_krb5 (i.e. kerberos as a password oracle) Is there another/better way? Thanks, Brian.