On 07/14/2010 04:46 PM, Lovaas,Steven wrote:
> Rather than deal with the never-ending tail-chasing between samba and
> Microsoft, I've decided to move toward using FreeRadius as a proxy
> for the Windows radius implementation (formerly IAS, now called NPS).
> I haven't completed the change, so I'm sorry that I can't tell you
> how easy it is... but it surely can't be as frustrating as trying to
> deal with samba always being behind, right?
Samba being "behind" what, exactly?

I've never had this problem. We authenticate against Windows 2008R2
domain controllers on Samba 3.0.x. I had to do nothing special. It "just
works".

There was a specific bug in some newer Samba versions where Samba seemed
to make a change that caused NT_KEY to be wrong. So just run an older
one. This problem is well described in the list archives and eap.conf in
recent FreeRadius source distros. The latest Samba distributions should
not have the problems.

As for "NPS can't be that bad"... shudder. I disagree. If you really
feel you must do this, my advice is to only proxy the MS-CHAP (inside
the tunnel if you're doing EAP-PEAP).