On 2011/07/13 06:51 PM, Phil Mayers wrote:

> If you are using Samba as your domain controllers, then you have access to
> the SAM and can extract the LM/NT hash from whatever backend you use.
>
> So you can just feed that info straight to FreeRADIUS. No need to use
> ntlm_auth / samba membership - just dump the NT hashes somewhere FreeRADIUS
> can get at them, or if you're using LDAP, point FreeRADIUS at that LDAP
> server and make sure it can read the ntPassword attribute.
>
> This is preferable to using ntlm_auth in fact.

OK...

So the ntlm_auth "hack" is just because a Microsoft Domain Controller/LDAP refuses to share the ntPassword attribute with anyone that does not look like Microsoft?

Hopefully Samba4 changes that as it should have a copy of the AD database!

Thanks!


--


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
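
The LDAP variant Phil Mayers describes above, sketched as an added configuration example that is not part of the original thread or of FreeRADIUS's shipped files. It assumes FreeRADIUS 3.x module syntax and the ntPassword attribute name used in the thread; the host, DNs and bind password are placeholders.

```text
# mods-available/ldap  (assumed 3.x layout; all names below are placeholders)
ldap {
    server   = 'ldap.example.org'
    # Dedicated bind account. The NT hash is password-equivalent for
    # MS-CHAP, so the directory ACL should let only this DN read it.
    identity = 'cn=freeradius,ou=services,dc=example,dc=org'
    password = 'CHANGE_ME'
    base_dn  = 'ou=people,dc=example,dc=org'

    update {
        # Copy the stored NT hash into the control list, where the
        # mschap module looks for it.
        control:NT-Password := 'ntPassword'
    }

    user {
        base_dn = "${..base_dn}"
        filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
}

# mods-available/mschap
mschap {
    # ntlm_auth is left unset, so the MS-CHAP response is checked
    # locally against control:NT-Password, with no call out to
    # winbind and no domain membership.
    # ntlm_auth = "/path/to/ntlm_auth ..."
}

# sites-available/default
authorize {
    mschap      # sets Auth-Type when the request carries MS-CHAP attributes
    ldap        # looks up the user and fills control:NT-Password
}
authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
}
```

Running the server in debug mode (`radiusd -X`) shows whether the LDAP lookup returned the attribute; if the bind account cannot read it, the mschap module has no hash to verify the response against and the request is rejected.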