authenticate machine accounts with ntlm_auth
Stefan Winter
freeradius-users-ml at stefan-winter.de
Mon Aug 1 08:09:02 CEST 2005
Hi,
> It sounds to me like you're saying this is a server-side issue. Since AD
> is available via LDAP, why couldn't this FreeRadius install just use
> rlm_ldap to access the machine account info in AD?
No. There is one important difference between plain LDAP and AD: an AD server
will _never_ give away the user's (machine's) password. Never. The closest
thing you can get is an MS-CHAP challenge that is built from the password, but
for some reason that doesn't do the trick.
> The Microsoft side of things isn't my greatest strength, least of all the
> AD/LDAP stuff, but it seems as though this *should* work.
It would, if AD would give you the password. But it doesn't.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at restena.lu tél.: +352 424409-1
http://www.restena.lu fax: +352 422473