Sorry to pester u Alan :P
Does mschapv2 also support ntlm_auth ?
and now that I understand your tables (well I think) I should be able
to persuade my employer to use ntlm and firewall the the samba ports.
On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Jacob Jarick wrote:
> > Is it true that the only way to authenticate against active directory
> > is using ntlm_auth ?
> For ms-chap, yes.
> > I have been specifically asked not to use the ntlm_auth method against
> > AD out of security cocerns from having samba installed. I cant see the
> > risk of having samba installed myself if no directorys are being
> > shared (please correct me if Im wrong).
> Yes. You can also put firewall rules in place to block any traffic to
> the Samba machine.
> Alan DeKok.
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html