How to setup Freeradius in a Domain

Johan Meiring jmeiring at pcservices.co.za
Thu Jul 14 09:45:30 CEST 2011


On 2011/07/13 06:51 PM, Phil Mayers wrote:
>
> If you are using Samba as your domain controllers, then you have access to
> the SAM and can extract the LM/NT hash from whatever backend you use.
>
> So you can just feed that info straight to FreeRADIUS. No need to use
> ntlm_auth / samba membership - just dump the NT hashes somewhere FreeRADIUS
> can get at them, or if you're using LDAP, point FreeRADIUS at that LDAP
> server and make sure it can read the ntPassword attribute.
>
> This is preferable to using ntlm_auth in fact.

OK...

So the ntlm_auth "hack" is just because a Microsoft Domain Controller/LDAP 
refuses to share the ntPassword attribute with anyone that does not look 
like Microsoft?

Hopefully Samba4 changes that as it should have a copy of the AD database!

Thanks!


-- 


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782

--------------------
Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:

http://www.pcservices.co.za/disclaimer.html
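
The "dump the NT hashes somewhere FreeRADIUS can get at them" option from the quoted reply, as an added example that is not part of the original message or of FreeRADIUS itself. It assumes an LDIF export that carries `uid` and the `ntPassword` attribute named above, and the `NT-Password := 0x<hex>` form of a FreeRADIUS `users` file entry; the accounts and hashes are constructed.

```python
import base64
import re

NT_HASH = re.compile(r"[0-9A-Fa-f]{32}")   # NT hash = 16 bytes, hex-encoded
SAFE_UID = re.compile(r"[\w.@-]+")         # refuse names that would break the file
LDIF_LINE = re.compile(r"^([A-Za-z][\w;-]*)(::?)\s*(.*)$")

# Constructed sample export (fake accounts, fake hashes).
_B64 = base64.b64encode(b"ffeeddccbbaa99887766554433221100").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
ntPassword: 00112233445566778899AABBCCDDEEFF

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
ntPassword:: {_B64}

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol
ntPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""

def parse_ldif(text):
    """Yield one {attribute: value} dict per entry (entries split on blank lines)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = LDIF_LINE.match(line)
            if not m:
                continue                      # comments, folded lines: ignored here
            name, sep, value = m.groups()
            if sep == "::":                   # "::" marks a base64-encoded value
                value = base64.b64decode(value).decode("ascii", "replace")
            entry[name.lower()] = value.strip()
        yield entry

def users_file(text, attr="ntPassword"):
    """Return (users-file text, list of uids skipped for a missing/invalid hash)."""
    lines, skipped = [], []
    for entry in parse_ldif(text):
        uid, nt = entry.get("uid", ""), entry.get(attr.lower(), "")
        if SAFE_UID.fullmatch(uid) and NT_HASH.fullmatch(nt):
            lines.append(f"{uid}\tNT-Password := 0x{nt.upper()}")
        else:
            skipped.append(uid)               # placeholder or malformed value
    return "\n".join(lines) + "\n", skipped

if __name__ == "__main__":
    out, skipped = users_file(SAMPLE_LDIF)
    print(out, "skipped:", skipped)
```

The generated file holds password-equivalent material, so it should be readable only by the account the RADIUS server runs as.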




More information about the Freeradius-Users mailing list