radius + ldap + ntlm

Andreas Rudat rudat at endstelle.de
Sun Oct 23 19:03:56 CEST 2011

On 23.10.2011 17:48, Andreas Rudat wrote:
> On 23.10.2011 17:26, James J J Hooper wrote:
>> On 23/10/2011 16:02, Andreas Rudat wrote:
>>> Hello,
>>> Do I understand correctly that I can't use PEAP + MS-CHAPv2 with
>>> LDAP? I'm really confused atm about what I can really use; every time
>>> I think it's fine, I find another insecure thing :/
>> To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a plain text
>> password, or the NTLM hash of the password.
>> If your LDAP directly has plain text passwords, or NTLM hashes, then
>> you can use it for authentication.
>> You can use LDAP for authorization in any case.
>> Regards,
>>   James
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> OK, thank you. For further things I think I have to configure the ldap
> module for that, right?
> Thanks
> Andreas

Another problem: I tried to test the connection with

ntlm_auth --request-nt-key --domain=foo.bar --username=test --password=test

and get the message
NT_STATUS_INVALID_HANDLE: Invalid handle (0xc0000008)

Is it perhaps a problem with Samba? I'm using 3.4.14; same with wbinfo.

My smb.conf:

   workgroup = foo.bar
   security = server
   password server = bar.foo.bar
   wins server = bar.foo.bar

On my samba+ldap machine wbinfo and ntlm_auth are working fine.
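
An added example, not part of the original thread: a check of which LDAP password values can back PEAP/MS-CHAPv2, following the rule in James's reply that the server needs either the plain text password or its NT hash. The `userPassword` and `sambaNTPassword` attribute names, the scheme list and the sample entries are assumptions for illustration (constructed values).

```python
import re

# One-way schemes: neither the plain text nor the NT hash can be derived from them.
ONE_WAY = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}
NT_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")          # NT hash is 16 bytes, hex encoded
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}", re.S)  # e.g. "{SSHA}..." prefix

def mschapv2_source(entry):
    """Return (usable, reason) for one LDAP entry given as a dict of attributes."""
    nt = entry.get("sambaNTPassword", "")
    if NT_HASH_RE.match(nt):
        return True, "NT hash in sambaNTPassword"
    pw = entry.get("userPassword", "")
    if not pw:
        return False, "no usable password attribute"
    m = SCHEME_RE.match(pw)
    if m is None or m.group(1).upper() == "CLEARTEXT":
        return True, "plain text userPassword"
    scheme = m.group(1).upper()
    if scheme in ONE_WAY:
        return False, "{%s} is a one-way hash" % scheme
    return False, "unknown scheme {%s}" % scheme

def unusable_accounts(entries):
    """List the uids that cannot authenticate with MS-CHAPv2 from this directory."""
    return [e["uid"] for e in entries if not mschapv2_source(e)[0]]

# Constructed sample entries (not real credentials).
SAMPLE = [
    {"uid": "alice", "userPassword": "{SSHA}Y29uc3RydWN0ZWQtZXhhbXBsZQ=="},
    {"uid": "bob", "userPassword": "{SSHA}Y29uc3RydWN0ZWQtZXhhbXBsZQ==",
     "sambaNTPassword": "0123456789ABCDEF0123456789ABCDEF"},
    {"uid": "carol", "userPassword": "{CLEARTEXT}constructed-secret"},
    {"uid": "dave", "userPassword": "{CRYPT}$6$constructed$constructed"},
    {"uid": "erin", "sambaNTPassword": "not-a-hash"},
]

if __name__ == "__main__":
    for e in SAMPLE:
        ok, why = mschapv2_source(e)
        print("%-6s %-8s %s" % (e["uid"], "ok" if ok else "blocked", why))
```

An NT hash held in the directory is password-equivalent for MS-CHAPv2, so read access to that attribute should be limited to the RADIUS server's bind account.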


More information about the Freeradius-Users mailing list