NTLM

Alan DeKok aland at ox.org
Thu Feb 23 19:19:06 CET 2006


Laker Netman <laker_netman at yahoo.com> wrote:
> NTLM is sufficient to gain access to resources on a
> Windows domain, "machine account" or no, in ANY
> Windows domain flavor.

  Yes, but the issue is the protocol that encapsulates NTLM.  There
are multiple versions of Windows "connect to DC" protocols.  Some
require massive amounts of code to obtain a working implementation.
Others (e.g. rlm_smb) do not.

> My home PCs are not "work" domain members.  In fact, I
> run my own "home" domain.  So these home systems
> actually have different native security (machine
> account) credentials than my work PC.

  And until you look at the packet traces, you have no idea which
version of what protocols they're using.  Odds are they're using the
Win2K or XP-style "infinite number of packets" method to log into the
DC.

  Alan DeKok.


