How to? - use/configure winbind/ntlm_auth for Windows authentication
Pete Flynt
peteflynt at hotmail.com
Thu Jun 9 09:14:43 CEST 2005
Thanks for your solution.
I think this will be helpful for some people.
I'll try this at the next opportunity.
But does it provide a Single-Sign-On possibility with Windows credentials like
PEAP MSCHAPv2?

I've finally managed to get ntlm_auth working.
When one knows how to do it, it is very easy:
On my Fedora Core 3 (with Samba) I ran the authconfig tool, checked the "use
winbind/use winbind for authentication" options, entered the domain info,
joined the Windows domain via net rpc and ntlm_auth worked at once! I did
not have to touch the Samba config files.

Regards,
Pete

>Subject: How to? - use/configure winbind/ntlm_auth for Windows
>authentication
>Date: Wed, 8 Jun 2005 15:00:10 -0400
>
>I use LDAP. For each OU I want to authenticate I create an entry in
>radiusd.conf
>
>ldap MyFirstOU {
>    server = "your.server.dns.name"
>    identity = "CN=LDAP VIEW,CN=Users,DC=acs,DC=ocad,DC=ca"
>    password = ldapAccountPassword
>    basedn = "ou=yourOU,dc=acs,dc=ocad,dc=ca"
>    filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
>    start_tls = no
>    tls_mode = no
>    groupname_attribute = cn
>    groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
>    ldap_connections_number = 5
>    timeout = 4
>    timelimit = 3
>    access_attr_used_for_allow = yes
>}
>
>authorize {
>    MyFirstOU
>}
>
>Auth-Type LDAP {
>    MyFirstOU
>}
>
>You need a user on the AD box called "LDAP VIEW" with a password of
>"ldapAccountPassword".
>
>Works great for me.
>
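
The quoted filters are easy to break when mail clients wrap them, and the user name they embed is attacker-controlled input. The Python sketch below is an added example, not part of the original thread or of FreeRADIUS: it checks a filter's parenthesis balance while skipping `%{...}` expansions, and builds the sAMAccountName filter with RFC 4515 escaping. The function names and the sample user names are assumptions made for illustration.

```python
# Added example (not from the thread): lint rlm_ldap-style filter strings.

def paren_balance(flt):
    """Return open-minus-close parenthesis count; 0 means balanced.

    %{...} expansions (nested, as in %{Stripped-User-Name:-%{User-Name}})
    are skipped. A stray ')' or an unterminated expansion raises ValueError.
    """
    depth, i = 0, 0
    while i < len(flt):
        if flt.startswith("%{", i):
            braces = 0
            while i < len(flt):
                if flt[i] == "{":
                    braces += 1
                elif flt[i] == "}":
                    braces -= 1
                    if braces == 0:
                        break          # i now sits on the closing brace
                i += 1
            else:
                raise ValueError("unterminated %{ expansion")
        elif flt[i] == "(":
            depth += 1
        elif flt[i] == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unmatched ')' at offset %d" % i)
        i += 1
    return depth

# RFC 4515 section 3: these characters must be hex-escaped inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(user_name, stripped_user_name=None):
    """Mirror (sAMAccountName=%{Stripped-User-Name:-%{User-Name}}):
    prefer the stripped name, fall back to the raw one, always escaped."""
    name = stripped_user_name or user_name
    return "(sAMAccountName=%s)" % escape_value(name)

# The group filter as it appeared in the mail (wrapped line re-joined).
AS_POSTED = ("(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
             "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))")

if __name__ == "__main__":
    print("as posted:", paren_balance(AS_POSTED))        # one '(' left open
    print("closed   :", paren_balance(AS_POSTED + ")"))
    print(user_filter("j.smith(contractor)*"))           # constructed input
```

A non-zero result from `paren_balance` on a filter copied out of a mail archive is a sign that a character was lost in transit and the filter should be compared against the server's shipped default.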
More information about the Freeradius-Users
mailing list