win2003 Active Directory authentication
Phil Mayers
p.mayers at imperial.ac.uk
Mon May 8 18:47:31 CEST 2006
Frank Smith wrote:
> I am running AD in native mode. By my ancient understanding of samba, I
> cannot join this domain.
That is not correct, and is indeed ancient. Samba 3 can join an AD
native-mode domain. See the massive quantity of docs include with samba.
Once in the domain, the winbind daemon can be started and the ntlm_auth
helper used to answer MS-CHAP requests.
> I can authenticate using ldap, no? Also, is
LDAP can only service PAP requests. If you want PAP, LDAP works fine.
If you want to do e.g. wireless authentication with PEAP/MS-CHAP or
dialup using MS-CHAP, you must join the domain.
More information about the Freeradius-Users
mailing list