How to setup Freeradius in a Domain
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jul 13 18:51:02 CEST 2011
On 07/13/2011 05:40 PM, Johan Meiring wrote:
> Just for interest sake...
>
> We use a lot of Samba Domain Controllers (samba3, NT4 style domain)
I should have been more precise: my comments apply to Microsoft domain
controllers.
If you are using Samba as your domain controllers, then you have access
to the SAM and can extract the LM/NT hash from whatever backend you use.
So you can just feed that info straight to FreeRADIUS. No need to use
ntlm_auth / samba membership - just dump the NT hashes somewhere
FreeRADIUS can get at them, or if you're using LDAP, point FreeRADIUS at
that LDAP server and make sure it can read the ntPassword attribute.
This is preferable to using ntlm_auth in fact.
More information about the Freeradius-Users
mailing list