radius + ldap + ntlm
Andreas Rudat
rudat at endstelle.de
Sun Oct 23 19:03:56 CEST 2011
On 23.10.2011 17:48, Andreas Rudat wrote:
> On 23.10.2011 17:26, James J J Hooper wrote:
>> On 23/10/2011 16:02, Andreas Rudat wrote:
>>> Hello,
>>>
>>> I understand it correctly, that I can't use peap + mschapv2 with
>>> ldap? I'm really confused atm, what I can really use, every time I think
>>> it's fine, I found another insecure thing :/
>> To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a plain text
>> password, or the NTLM hash of the password.
>>
>> If your LDAP directly has plain text passwords, or NTLM hashes, then
>> you can use it for authentication.
>>
>> You can use LDAP for authorization in any case.
>>
>> Regards,
>> James
> ok, thank you. For further things I think I have to configure the ldap
> module for that, right?
>
> Thanks
> Andreas
>
Another problem: I tried to test the connection with

    ntlm_auth --request-nt-key --domain=foo.bar --username=test --password=test

and get the message

    NT_STATUS_INVALID_HANDLE: Invalid handle (0xc0000008)

Is it perhaps a problem with samba? I'm using 3.4.14, same with wbinfo.

My smb.conf:

    [global]
    workgroup = foo.bar
    security = server
    password server = bar.foo.bar
    wins server = bar.foo.bar

On my samba+ldap machine wbinfo and ntlm_auth are working fine.

Thanks
More information about the Freeradius-Users
mailing list