On Sun, Apr 24, 2011 at 1:33 AM, Phil Mayers <[email protected]> wrote: > On 04/24/2011 12:48 AM, Thomas Smith wrote: > >> While Samba 3.5 and Likewise 6 fixed the problems authenticating >> against Win2k8r2, Likewise removed support for Samba/Winbind in their >> 6.x series product (they included full support for Samba/Winbind in >> their 5.x series product)--they now use their own libraries to provide >> "winbind" functionality. The result of this is that the Samba-included >> ntlm_auth no longer works (and Likewise doesn't provide a comparable >> replacement)--since my FreeRADIUS install was using ntlm_auth for AD >> authentication and authorization, it is no longer working. > > If you're using Samba/ntlm_auth, you're probably doing PEAP/MSCHAP, in which > case you have precisely one option - continuing to use Samba/ntlm_auth. > > Neither kerberos nor LDAP against AD (nor any other method) can be used to > process MSCHAP authentications. > > If Likewise are going to replace bits of the Samba stack, they should > provide compatible bits.
Yeah, that's exactly what I've been doing. I was hoping to find another method, but that doesn't sound promising. I brought this to Likewise' attention as soon as I noticed the issue. They are looking into it but haven't given me a time frame for a "fix", or even if there will provide one. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
