rlm_mschap support for password changes
Alan DeKok
aland at deployingradius.com
Sun Jan 28 08:58:56 CET 2007
Garber, Neal wrote:
> Samba 3.0.24 will provide support for changing passwords via ntlm_auth.
Sounds useful.
> Unfortunately (for rlm_mschap in FR), it is implemented using a new
> helper protocol, “ntlm-change-password-1”, which I believe would require
> non-trivial changes to rlm_mschap as it doesn’t currently use ntlm_auth
> helper protocols. Does anyone have plans to incorporate this
> functionality?
I haven't heard of any.
> If so, I’d be willing to help. If not, I’m going to
> start investigating and implementing the changes required. I’m thinking
> that ideally, it would be implemented in a way that doesn’t break the
> current method of configuring ntlm_auth in radiusd.conf (i.e., it would
> be backward compatible to avoid requiring everyone to change the config.
> if they aren’t interested in the new functionality).
If that's possible, that would be good.
> Is anyone else interested in having this capability and/or have ideas on
> how best to integrate it?
There hasn't been huge demand for it, but there has been the
occasional question.
As for now to implement it, maybe a separate config entry for running
ntlm_auth with options for changing passwords?
Maybe the rlm_mschap module could implement the ntlm-server-1 protocol
directly, which could simplify things somewhat.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Devel
mailing list