19 Mar
2008
19 Mar
'08
2:22 p.m.
James McOrmond wrote:
This is a Samba NT domain, not AD. I do not have access to the plain text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
The "Protocol and Password Compatibility" chart and the "Authenticaiton Systems and Password Compatibility" chart from the "Deploying RADIUS: The Book" page specifically says PAP/ntlm_auth is functional. Regular CHAP is not because it requires the clear-text password.
The issue is convincing the database to give FreeRADIUS *something* to use for authetnication. The web page lists ntlm_auth only because of AD limitations. With Samba, you just map the LDAP "ntpasswd" or "sambantpasswd" attribute to the RADIUS attribute. See ldap.attrmap. Alan DeKok.