NTLM
Alan DeKok
aland at ox.org
Wed Feb 22 16:29:46 CET 2006
Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> Download Samba, ensuring it is 3.0.21rc1 or later which includes the
> patch Alan talks about. Compile and install samba. Read the samba
> documentation. Configure your Samba server. Ensure winbindd and nmbd are
> running. Join the AD domain. Ensure samba is working ("wbinfo -D
> DOMAIN", "wbinfo -a username%pass" are good basic tests)
>
> Install FreeRadius, make sure it is 1.1.0 which will strip the machine
> name "host/name.domain.com" to "name". Make the following changes to the
> default config:

Isn't that a whole heck of a lot of work?

I took a look at the packet traces going to the domain controller.
It turns out that about 4 packets are necessary. There's a libntlm
that does the NTLM oddities, so all that needs to happen is for
someone to write a minimal SMB client.

The result would be a module like rlm_smb (which I can't make work
anymore), but that replaces ntlm_auth, winbindd, and Samba. It would
be small, fast, and a lot easier to use.

It requires time/energy to do the work, but there is demand for it
in a number of places.

Alan DeKok.