Alan DeKok aland at ox.org
Thu Feb 23 19:09:37 CET 2006

Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> You seem convinced I'm operating from a state of ignorance. I'm quite 
> willing to believe I'm wrong. Best of luck.

  Let me retry.

  Machine authentication is something "new" in post NT4 domain
controllers.  As such, to do it properly, the client is required to
implement massive amounts of RPC nonsense.

  User authentication is another story.  The smbclient program can be
used to demonstrate that users can be authenticated to a DC using
NTLM, with a minimum number of packets, because it uses an older
version of the protocol.

  It's not that I think you're operating from a state of ignorance.
It's that I think you're focussing on the wrong thing.  The huge
XP-style RPC stuff cannot be implemented in a small client, so I
ignore it.  The much smaller older protocol used by smbclient is
demonstratably implemented in a small client: smbclient.  There's no
winbindd, smbd, or any other daemons required.

  Alan DeKok.

More information about the Freeradius-Users mailing list