Hello, I understand it correctly, that I can't use peap + mschapv2 with ldap? Im realy confused atm, what I can realy use, everytime I think its fine, I found another unsecure thing :/ Thanks
On 23/10/2011 16:02, Andreas Rudat wrote:
Hello,
I understand it correctly, that I can't use peap + mschapv2 with ldap? Im realy confused atm, what I can realy use, everytime I think its fine, I found another unsecure thing :/
To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a plain text password, or the NTLM hash of the password. If your LDAP directly has plain text passwords, or NTLM hashes, then you can use it for authentication. You can use LDAP for authorization in any case. Regards, James
Am 23.10.2011 17:26, schrieb James J J Hooper:
On 23/10/2011 16:02, Andreas Rudat wrote:
Hello,
I understand it correctly, that I can't use peap + mschapv2 with ldap? Im realy confused atm, what I can realy use, everytime I think its fine, I found another unsecure thing :/
To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a plain text password, or the NTLM hash of the password.
If your LDAP directly has plain text passwords, or NTLM hashes, then you can use it for authentication.
You can use LDAP for authorization in any case.
Regards, James - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ok, thank you. For further things I think I have to configure the ldap modul for that, right? Thanks Andreas -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.17 (MingW32) mQGNBE6jHfABDACyzFkn6k+OtbRANjKZ6NEQOxnnsBSBSs6sT9EBF0U3MnnYW3/p YTW+7aUa/1FZTOWt9wb9H7t0SOqpgqUBmRo/sPteepXblnDaGEh8tzIWfaC9MKc1 QobU5zK9KcDKrs3SyGXEPOOQM8QdtE8KfSJFdUxfanFJUbfTbxq5Gqz1eaU4cWxp gR6GeVYnd11J8AdDDwkjPjx4ZJ5guZ+D646Qi3CT7KT6y8sXVPwpNA3CvGweYX0r STKyBf+nlQtOtByrgZW7BiSAxilYUL4mGE4KmuYAadJ+O6X7NOtz3OQaWgSGjqxH YxDu6orTzL4/csjoVXS9dgeGkhLJgAg72a2yxA4tx/8IXrGp3JVGYGEY2kYcq3k9 jq5hJezoy6s1N//mgm5KaB84zrU5cUcu8kXDppmnp7eXUPnBqj2g2O82buBNa48S wAtnbY4K5fbcnog8g6ouYXpAJo9yHcj+wraQ8+TNFx5nbkg3fZKuf3UeyL3dPKXf wsKehnZ3Ipqkb08AEQEAAbQiQW5kcmVhcyBSdWRhdCA8cnVkYXRAZW5kc3RlbGxl LmRlPokBuAQTAQIAIgUCTqMd8AIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA CgkQBw5gh+kRIv+yGQv5AQCRZt8wR2McgsTurZEZXz5UpxEPZB/dA/iXtPzZXJih XLRZFqcdT+c8DCLbhXjO5aLndOCIDwWmsnqX2fuGAjlM4GJAAUEARSNtWY7V+rUt PhdOz/flCZo/+p7wBi0XOJcWhysS7DV/ssSYdnuJvONUBXCQ/MpJsVXuKdgPa9IR hvi37Ang1Cxb7htKHIuA4wCuqz1/4VGNez/65qwjuYakbB4/rXkKWb17XqCZrtoo YiQSxPU7fP5lM4ybQXxP1qrptmaF9EqGTnj/xAU3tCE+PhB3baoVw6VG9nr9xYwh bqCGtTbtrkmYlgioC2fFHDgg3U1GVBIbi0AoddXSs5OekgSvt827OcyWVSyjobyn tH4/jwb8X8iOM/x8RZhzwKhpHA0k7ltTm7qXApARcL1tV6y4GIKwuy1RLZqkpNh1 teqYaxAKlxC77s6gftxqr7G6NCssgCCy2Y50LSvcQbZDPZeBdrPoGI/xAWNy4Otv 33k4P9hxJKHNqLYJN+Gn =UaS9 -----END PGP PUBLIC KEY BLOCK-----
Am 23.10.2011 17:48, schrieb Andreas Rudat:
Am 23.10.2011 17:26, schrieb James J J Hooper:
On 23/10/2011 16:02, Andreas Rudat wrote:
Hello,
I understand it correctly, that I can't use peap + mschapv2 with ldap? Im realy confused atm, what I can realy use, everytime I think its fine, I found another unsecure thing :/ To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a plain text password, or the NTLM hash of the password.
If your LDAP directly has plain text passwords, or NTLM hashes, then you can use it for authentication.
You can use LDAP for authorization in any case.
Regards, James - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ok, thank you. For further things I think I have to configure the ldap modul for that, right?
Thanks Andreas
another problem, I tried to test the connection with ntlm_auth --request-nt-key --domain=foo.bar --username=test --password=test and get the message NT_STATUS_INVALID_HANDLE: Invalid handle (0xc0000008) is it perhaps a problem with samba? I'm using 3.4.14, same with wbinfo my smb.conf [global] workgroup = foo.bar security = server password server = bar.foo.bar wins server = bar.foo.bar on my samba+ldap machine wbinfo and ntml_auth are working fine. Thanks
On 10/23/2011 06:03 PM, Andreas Rudat wrote:
another problem, I tried to test the connection with
ntlm_auth --request-nt-key --domain=foo.bar --username=test --password=test
and get the message NT_STATUS_INVALID_HANDLE: Invalid handle (0xc0000008)
Samba problem. Consult the samba docs or support list.
Am 23.10.2011 22:04, schrieb Phil Mayers:
On 10/23/2011 06:03 PM, Andreas Rudat wrote:
another problem, I tried to test the connection with
ntlm_auth --request-nt-key --domain=foo.bar --username=test --password=test
and get the message NT_STATUS_INVALID_HANDLE: Invalid handle (0xc0000008)
Samba problem. Consult the samba docs or support list. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hm I dont know it that helped https://bugzilla.samba.org/show_bug.cgi?id=7481 but it works, how ever...
participants (3)
-
Andreas Rudat -
James J J Hooper -
Phil Mayers