How to authenticate users against a Windoze AD server with krb5?
Arne Götje (=?utf-8?q?=E9=AB=98=E7=9B=9B=E8=8F=AF?=)
arne at linux.org.tw
Wed Jun 1 07:01:08 CEST 2005
On Wednesday 01 June 2005 01:08, Alan DeKok wrote:
> The rlm_krb5 module takes a clear-text password from a RADIUS
> packet, and uses it to authenticate via kerberos. This may work
> against AD, but I don't think anyone has tried it.
Ouch! I think this answers my question... this method cannot work as the
clear-text password is never supplied by the client. EAP-MD5 is used
(802.1x). So it will only supply a MD5 hash...
Can ntlm_auth handle MD5 hashes as passwords???
Any solution to this or am I forced to use a M$ compatible radius server
instead?
Cheers
Arne
--
Arne Götje (高盛華) <arne at linux.org.tw>
PGP/GnuPG key: 1024D/685D1E8C
Fingerprint: 2056 F6B7 DEA8 B478 311F 1C34 6E9F D06E 685D 1E8C
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050601/0ba1f324/attachment.pgp>
More information about the Freeradius-Users
mailing list