How to setup Freeradius in a Domain

Johan Meiring jmeiring at
Thu Jul 14 09:45:30 CEST 2011

On 2011/07/13 06:51 PM, Phil Mayers wrote:
> If you are using Samba as your domain controllers, then you have access to
> the SAM and can extract the LM/NT hash from whatever backend you use.
> So you can just feed that info straight to FreeRADIUS. No need to use
> ntlm_auth / samba membership - just dump the NT hashes somewhere FreeRADIUS
> can get at them, or if you're using LDAP, point FreeRADIUS at that LDAP
> server and make sure it can read the ntPassword attribute.
> This is preferable to using ntlm_auth in fact.


So the ntlm_auth "hack" is just because a Microsoft Domain Controller/LDAP 
refuses to share the ntPassword attribute with anyone that does not look 
like Microsoft?

Hopefully Samba4 changes that as it should have a copy of the AD database!



Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782

Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:

More information about the Freeradius-Users mailing list