Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

Patrick Bartkus patrckb at gmail.com
Fri Jan 27 17:53:00 CET 2006


Phil,

Thanks.

In another thread I read, you wrote:
---
The MS-CHAP module requires either the MD4-based NT password hash,  the
plaintext password from which it can derive the NT has, or callout to
Samba & domain membership.
---

Does this mean that if I setup Samba on this box, get it to be a member of
the domain exchanging Domain UIDs and passwords, I could then authenticate
to Samba from my MS-CHAP-speaking NAS?

BTW, for any non-native English speakers, if you want the definition of SOL,
e-mail me privately and I'll explain.

Patrick

On 1/27/06, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> Patrick Bartkus wrote:
> >
> > Has this been solved or am I SOL?
>
> It is not a code bug. It is a fundamental feature of the algorithm. It
> *cannot* be solved. You are, as you put it, SOL.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060127/820a7cf7/attachment.html>


More information about the Freeradius-Users mailing list