rlm_mschap support for password changes

Alan DeKok aland at deployingradius.com
Sun Jan 28 08:58:56 CET 2007

Garber, Neal wrote:
> Samba 3.0.24 will provide support for changing passwords via ntlm_auth.

  Sounds useful.

> Unfortunately (for rlm_mschap in FR), it is implemented using a new
> helper protocol, “ntlm-change-password-1”, which I believe would require
> non-trivial changes to rlm_mschap as it doesn’t currently use ntlm_auth
> helper protocols.  Does anyone have plans to incorporate this
> functionality?

  I haven't heard of any.

>  If so, I’d be willing to help.  If not, I’m going to
> start investigating and implementing the changes required.  I’m thinking
> that ideally, it would be implemented in a way that doesn’t break the
> current method of configuring ntlm_auth in radiusd.conf (i.e., it would
> be backward compatible to avoid requiring everyone to change the config.
> if they aren’t interested in the new functionality).

  If that's possible, that would be good.

> Is anyone else interested in having this capability and/or have ideas on
> how best to integrate it?

  There hasn't been huge demand for it, but there has been the
occasional question.

  As for now to implement it, maybe a separate config entry for running
ntlm_auth with options for changing passwords?

  Maybe the rlm_mschap module could implement the ntlm-server-1 protocol
directly, which could simplify things somewhat.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Devel mailing list