How to setup Freeradius in a Domain
Johan Meiring
jmeiring at pcservices.co.za
Thu Jul 14 09:45:30 CEST 2011
On 2011/07/13 06:51 PM, Phil Mayers wrote:
>
> If you are using Samba as your domain controllers, then you have access to
> the SAM and can extract the LM/NT hash from whatever backend you use.
>
> So you can just feed that info straight to FreeRADIUS. No need to use
> ntlm_auth / samba membership - just dump the NT hashes somewhere FreeRADIUS
> can get at them, or if you're using LDAP, point FreeRADIUS at that LDAP
> server and make sure it can read the ntPassword attribute.
>
> This is preferable to using ntlm_auth in fact.
OK...
So the ntlm_auth "hack" is just because a Microsoft Domain Controller/LDAP
refuses to share the ntPassword attribute with anyone that does not look
like Microsoft?
Hopefully Samba4 changes that as it should have a copy of the AD database!
Thanks!
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
--------------------
Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:
http://www.pcservices.co.za/disclaimer.html
More information about the Freeradius-Users
mailing list