Authenticating against Win2k8r2 without ntlm_auth
Phil Mayers
p.mayers at imperial.ac.uk
Mon Apr 25 22:39:10 CEST 2011
On 04/25/2011 07:33 PM, Thomas Smith wrote:
>
> I brought this to Likewise's attention as soon as I noticed the issue.
> They are looking into it but haven't given me a time frame for a
> "fix", or even if they will provide one.

I'm not familiar with Likewise (nor do I have any desire to become so).
But if they provide any development libraries or infrastructure, you may
be able to implement the feature yourself.

All "ntlm_auth" ends up doing is SamNetworkLogon RPC against the
netlogon pipe of a domain controller. Minimally, they just need to
provide you a binary (or you code one up) that calls that RPC using the
challenge and ntresponse values (along with username/domain) and returns
the NT key value.

The other alternative would be to compile Samba into a separate
directory tree, and configure it carefully - then join it to the domain
as a separate "virtual" domain member, which is only used for running
winbind and ntlm_auth. You might have problems with nmbd and binding to
port 13x.

But honestly: it would probably be easier to just run Samba on your
FreeRadius servers, and forgo Likewise.
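
The helper contract described in the message above (challenge, NT response, username and domain in; NT key out), as an added example that is not part of the original post nor code from Samba, FreeRADIUS or Likewise. It assumes the caller-side interface of Samba's `ntlm_auth` (`--request-nt-key` and an `NT_KEY: <hex>` output line), which any replacement binary would have to honour; the `HELPER` path and all function names are hypothetical.

```python
import re
import subprocess

HELPER = "/usr/bin/ntlm_auth"  # assumption: ntlm_auth or a compatible replacement
_NT_KEY = re.compile(r"^NT_KEY: ([0-9A-Fa-f]{32})$", re.MULTILINE)


def _hex(value: bytes, size: int, name: str) -> str:
    # MS-CHAP fixes these sizes: 8-byte challenge, 24-byte NT response.
    if len(value) != size:
        raise ValueError(f"{name} must be {size} bytes, got {len(value)}")
    return value.hex()


def build_argv(username, domain, challenge, nt_response, helper=HELPER):
    """Argument vector for one NT-key request; nothing passes through a shell."""
    for field in (username, domain):
        if not field or any(ord(c) < 0x20 for c in field):
            raise ValueError("empty or control-character name")
    return [
        helper,
        "--request-nt-key",
        f"--username={username}",   # value is attached, so it cannot become an option
        f"--domain={domain}",
        f"--challenge={_hex(challenge, 8, 'challenge')}",
        f"--nt-response={_hex(nt_response, 24, 'nt_response')}",
    ]


def parse_nt_key(stdout: str) -> bytes:
    """Return the 16-byte NT key, or raise if the helper did not report one."""
    match = _NT_KEY.search(stdout)
    if match is None:
        raise PermissionError("helper returned no NT_KEY line")
    return bytes.fromhex(match.group(1))


def request_nt_key(username, domain, challenge, nt_response, helper=HELPER):
    """Run the helper once; treat a non-zero exit or missing key as a failed logon."""
    argv = build_argv(username, domain, challenge, nt_response, helper)
    done = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    if done.returncode != 0:
        raise PermissionError("helper rejected the logon")
    return parse_nt_key(done.stdout)
```
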