On 04/25/2011 07:33 PM, Thomas Smith wrote:
I brought this to Likewise' attention as soon as I noticed the issue. They are looking into it but haven't given me a time frame for a "fix", or even if there will provide one.
I'm not familiar with Likewise (nor do I have any desire to become so). But if they provide any development libraries or infrastructure, you may be able to implement the feature yourself.
All "ntlm_auth" ends up doing is SamNetworkLogon RPC against the netlogon pipe of a domain controller. Minimally, they just need to provide you a binary (or you code one up) that calls that RPC using the challenge and ntresponse values (along with username/domain) and returns the NT key value.
The other alternative would be to compile Samba into a separate directory tree, and configure it carefully - then join it to the domain as a separate "virtual" domain member, which is only used for running winbind and ntlm_auth. You might have problems with nmbd and binding to port 13x.
But honestly: it would probably be easier to just run Samba on your FreeRadius servers, and forgo Likewise.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
