Alan DeKok aland at ox.org
Wed Feb 22 16:29:46 CET 2006

Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> Download Samba, ensuring it is 3.0.21rc1 or later which includes the 
> patch Alan talks about. Compile and install samba. Read the samba 
> documentation. Configure your Samba server. Ensure winbindd and nmbd are 
> running. Join the AD domain. Ensure samba is working ("wbinfo -D 
> DOMAIN", "wbinfo -a username%pass" are good basic tests)
> Install FreeRadius, make sure it is 1.1.0 which will strip the machine 
> name "host/name.domain.com" to "name". Make the following changes to the 
> default config:

  Isn't that a whole heck of a lot of work?

  I took a look at the packet traces going to the domain controller.
It turns out that about 4 packets are necessary.  There's a libntlm
that does the NTLM oddities, so all that needs to happen is for
someone to write a minimal SMB client.

  The result would be a module like rlm_smb (which I can't make work
anymore), but that replaces ntlm_auth, winbindd, and Samba.  It would
be small, fast, and a lot easier to use.

  It requires time/energy to do the work, but there is demand for it
in a number of places.

  Alan DeKok.

More information about the Freeradius-Users mailing list