Validating plaintext passwords against Samba 4

Matthew Newton mcn4 at leicester.ac.uk
Thu Jan 5 18:51:46 CET 2017


On Thu, Jan 05, 2017 at 12:30:14PM -0500, Alan DeKok wrote:
> On Jan 5, 2017, at 12:28 PM, Brian Candler <b.candler at pobox.com> wrote:
> > 
> > * use rlm_ldap, and do a bind using the user supplied password
> > 
> > * use rlm_krb5 (i.e. kerberos as a password oracle)
> 
>   Either way is fine.
> 
> > Is there another/better way?
> 
>  Personally, I'd probably use LDAP.

Agreed. ntlm_auth will do PAP as well if you really must
(mods-available/ntlm_auth).

rlm_winbind in v3.1.x/v4.0.x if you dare.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list