Alan DeKok said: >Robert E. Toense wrote: >> Yes, I could use ntlm_auth and probably get it working, but this is >> supposed to be LDAP-based, not SAMBA. The LDAP could move to a >> different environment. Use of standards is important to us.
Robert ... unfortunately, Microsoft doesn't take standards as seriously as you or I do. When they say something is "standards based", what they actually mean is they cherry picked the parts they liked, tweaked other parts to make it work with Windows, and flat out made up the rest as they went along. Almost any "standards based" interoperability with Windows will require that you sacrifice some of your principles. In this case that sacrifice is ntlm-auth. Accept it into your life. Think it as the Yin to AD's LDAP Yang. If the feelings of violation don't get better over time, do what I do and scrub your hands until they bleed every time you start thinking about Microsoft too hard. Or, as Alan said: > 1) Ask Microsoft to expose the password through LDAP. LMAO!! Alan, good to see you've recovered your sense of humor. Things were getting way too serious for a while, there. > Alan DeKok. -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
