Authenticating against Win2k8r2 without ntlm_auth

Phil Mayers p.mayers at imperial.ac.uk
Sun Apr 24 10:33:16 CEST 2011


On 04/24/2011 12:48 AM, Thomas Smith wrote:

> While Samba 3.5 and Likewise 6 fixed the problems authenticating
> against Win2k8r2, Likewise removed support for Samba/Winbind in their
> 6.x series product (they included full support for Samba/Winbind in
> their 5.x series product)--they now use their own libraries to provide
> "winbind" functionality. The result of this is that the Samba-included
> ntlm_auth no longer works (and Likewise doesn't provide a comparable
> replacement)--since my FreeRADIUS install was using ntlm_auth for AD
> authentication and authorization, it is no longer working.

If you're using Samba/ntlm_auth, you're probably doing PEAP/MSCHAP, in 
which case you have precisely one option - continuing to use 
Samba/ntlm_auth.

Neither kerberos nor LDAP against AD (nor any other method) can be used 
to process MSCHAP authentications.

If Likewise are going to replace bits of the Samba stack, they should 
provide compatible bits.



More information about the Freeradius-Users mailing list