Authenticating against Win2k8r2 without ntlm_auth
Phil Mayers
p.mayers at imperial.ac.uk
Sun Apr 24 10:33:16 CEST 2011
On 04/24/2011 12:48 AM, Thomas Smith wrote:
> While Samba 3.5 and Likewise 6 fixed the problems authenticating
> against Win2k8r2, Likewise removed support for Samba/Winbind in their
> 6.x series product (they included full support for Samba/Winbind in
> their 5.x series product)--they now use their own libraries to provide
> "winbind" functionality. The result of this is that the Samba-included
> ntlm_auth no longer works (and Likewise doesn't provide a comparable
> replacement)--since my FreeRADIUS install was using ntlm_auth for AD
> authentication and authorization, it is no longer working.
If you're using Samba/ntlm_auth, you're probably doing PEAP/MSCHAP, in
which case you have precisely one option - continuing to use
Samba/ntlm_auth.
Neither kerberos nor LDAP against AD (nor any other method) can be used
to process MSCHAP authentications.
If Likewise are going to replace bits of the Samba stack, they should
provide compatible bits.
More information about the Freeradius-Users
mailing list