Authenticating CHAP-Password to Pam (Kerberos 5 to AD)
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jan 27 18:20:13 CET 2006
Patrick Bartkus wrote:
> Phil,
>
> Thanks.
>
> In another thread I read, you wrote:
> ---
> The MS-CHAP module requires either the MD4-based NT password hash, the
> plaintext password from which it can derive the NT has, or callout to
> Samba & domain membership.
> ---
>
> Does this mean that if I setup Samba on this box, get it to be a member
> of the domain exchanging Domain UIDs and passwords, I could then
> authenticate to Samba from my MS-CHAP-speaking NAS?
Yes. See the "ntlm_auth" option of the "mschap" module. You need winbind
(and therefore Samba 3) but it's pretty trivial to setup.
More information about the Freeradius-Users
mailing list