How to setup Freeradius in a Domain

Phil Mayers p.mayers at imperial.ac.uk
Wed Jul 13 18:51:02 CEST 2011


On 07/13/2011 05:40 PM, Johan Meiring wrote:

> Just for interest sake...
>
> We use a lot of Samba Domain Controllers (samba3, NT4 style domain)

I should have been more precise: my comments apply to Microsoft domain 
controllers.

If you are using Samba as your domain controllers, then you have access 
to the SAM and can extract the LM/NT hash from whatever backend you use.

So you can just feed that info straight to FreeRADIUS. No need to use 
ntlm_auth / samba membership - just dump the NT hashes somewhere 
FreeRADIUS can get at them, or if you're using LDAP, point FreeRADIUS at 
that LDAP server and make sure it can read the ntPassword attribute.

This is preferable to using ntlm_auth in fact.



More information about the Freeradius-Users mailing list