Am 23.10.2011 17:48, schrieb Andreas Rudat: > Am 23.10.2011 17:26, schrieb James J J Hooper: >> On 23/10/2011 16:02, Andreas Rudat wrote: >>> Hello, >>> >>> I understand it correctly, that I can't use peap + mschapv2 with >>> ldap? Im realy confused atm, what I can realy use, everytime I think >>> its fine, I found another unsecure thing :/ >> To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a plain text >> password, or the NTLM hash of the password. >> >> If your LDAP directly has plain text passwords, or NTLM hashes, then >> you can use it for authentication. >> >> You can use LDAP for authorization in any case. >> >> Regards, >> James >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > ok, thank you. For further things I think I have to configure the ldap > modul for that, right? > > Thanks > Andreas >
another problem, I tried to test the connection with ntlm_auth --request-nt-key --domain=foo.bar --username=test --password=test and get the message NT_STATUS_INVALID_HANDLE: Invalid handle (0xc0000008) is it perhaps a problem with samba? I'm using 3.4.14, same with wbinfo my smb.conf [global] workgroup = foo.bar security = server password server = bar.foo.bar wins server = bar.foo.bar on my samba+ldap machine wbinfo and ntml_auth are working fine. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
