Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
On Wed, Nov 05, 2003 at 07:21:50AM -0700, Ron Wahler wrote:
> Agreed this would be nice and the only option at this point
> is to proxy the radius request to IAS.

Or to 'fix' FreeRADIUS. :-)

> Is there a link to read up on ntlm_auth ?

There is a manpage, which is better in Samba 3.0.0pre1. Other than that, read the source in source/utils/ntlm_auth.c and my paper that I quoted at the start of this thread.

http://hawkerc.net/staff/abartlet/comp3700

Andrew Bartlett

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
Agreed this would be nice and the only option at this point is to proxy the radius request to IAS.

Is there a link to read up on ntlm_auth ?

Ron.

> -Original Message-
> From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2003 3:33 PM
> To: Ron Wahler
> Cc: [EMAIL PROTECTED]
> Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
>
> On Tue, Nov 04, 2003 at 08:04:07AM -0700, Ron Wahler wrote:
> >
> > The authentication request comes in over RADIUS to the linux box.
> > I then need a way to authenticate to Active Directory with MS-CHAPv2
> > passwords.
> > I currently use LDAP binds to authenticate the user, but that does not
> > work with MS-CHAPv2.
>
> Your options are to either use the MS RADIUS server (IAS I think it is
> called) or to help create a plugin from FreeRADIUS that calls
> ntlm_auth. I don't think it could be really that hard...
>
> I want to see this work, so if there is any help I can provide (in
> particular on how to use ntlm_auth) then just yell. The same applies
> to any FreeRADIUS developers you manage to rope into this :-)
>
> Andrew Bartlett
Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
On Tue, Nov 04, 2003 at 08:04:07AM -0700, Ron Wahler wrote:
>
> The authentication request comes in over RADIUS to the linux box.
> I then need a way to authenticate to Active Directory with MS-CHAPv2
> passwords.
> I currently use LDAP binds to authenticate the user, but that does not
> work with MS-CHAPv2.

Your options are to either use the MS RADIUS server (IAS I think it is called) or to help create a plugin from FreeRADIUS that calls ntlm_auth. I don't think it could be really that hard...

I want to see this work, so if there is any help I can provide (in particular on how to use ntlm_auth) then just yell. The same applies to any FreeRADIUS developers you manage to rope into this :-)

Andrew Bartlett
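
Added example, not part of the original thread and not code from Samba or FreeRADIUS: a sketch of what a RADIUS-side helper has to do before it can call ntlm_auth for MS-CHAPv2, namely split the MS-CHAP2-Response attribute (RFC 2548), derive the 8-byte challenge (RFC 2759 ChallengeHash) and pass challenge plus NT-Response on. The function names are hypothetical, the sample bytes are the RFC 2759 section 9.2 test vectors, and the ntlm_auth options shown are assumed to be present in the installed Samba version.

```python
import hashlib

def parse_mschap2_response(value):
    """Split the 50-byte MS-CHAP2-Response value (RFC 2548, section 2.3.2)."""
    if len(value) != 50:
        raise ValueError("MS-CHAP2-Response must be exactly 50 bytes")
    peer_challenge = value[2:18]   # follows Ident (1 byte) and Flags (1 byte)
    nt_response = value[26:50]     # follows 8 reserved bytes
    return peer_challenge, nt_response

def bare_user(username):
    """Drop a leading DOMAIN\\ prefix; the hash covers the bare user name."""
    return username.split("\\")[-1]

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || user)."""
    data = peer_challenge + auth_challenge + bare_user(username).encode("utf-8")
    return hashlib.sha1(data).digest()[:8]

def ntlm_auth_argv(username, auth_challenge, mschap2_response, domain=None):
    """Build the argument vector for ntlm_auth; nothing is executed here.

    The result is a list meant for subprocess.run(argv) without a shell, so
    a hostile User-Name cannot inject shell syntax.
    """
    if len(auth_challenge) != 16:
        raise ValueError("authenticator challenge must be 16 bytes")
    peer, nt_resp = parse_mschap2_response(mschap2_response)
    argv = ["ntlm_auth", "--request-nt-key",
            "--username=" + bare_user(username),
            "--challenge=" + challenge_hash(peer, auth_challenge, username).hex(),
            "--nt-response=" + nt_resp.hex()]
    if domain:
        argv.append("--domain=" + domain)
    return argv

# RFC 2759 section 9.2 test vectors (user "User", password "clientPass").
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
NT_RESPONSE = bytes.fromhex("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
# Constructed attribute value: Ident=1, Flags=0, peer challenge, reserved, response.
SAMPLE_ATTR = bytes([1, 0]) + PEER_CHALLENGE + bytes(8) + NT_RESPONSE

if __name__ == "__main__":
    print(" ".join(ntlm_auth_argv("EXAMPLE\\User", AUTH_CHALLENGE, SAMPLE_ATTR,
                                  domain="EXAMPLE")))
```

The helper never sees the password or its hash: it only forwards the challenge and response, and the domain controller decides through the machine trust account.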
FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
The authentication request comes in over RADIUS to the linux box. I then need a way to authenticate to Active Directory with MS-CHAPv2 passwords. I currently use LDAP binds to authenticate the user, but that does not work with MS-CHAPv2.

> -Original Message-
> From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 3:39 PM
> To: Ron Wahler
> Cc: [EMAIL PROTECTED]
> Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
>
> On Sat, 2003-11-01 at 07:58, Ron Wahler wrote:
> >
> > I don't want to use a VPN to solve this one.
>
> So this is for dial-in only?
>
> > I am really wondering with (samba 3.x) when the linux box becomes part of
> > the AD domain does it get special privileges?
>
> Its machine trust account gains privileges to validate NTLM (and
> MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as any
> other rights you grant it.
>
> I have been implementing a system that allows pppd to authenticate
> against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2.
>
> It will find a better home sometime, but my working copy is at:
>
> http://hawkerc.net/staff/abartlet/comp3700
>
> It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to
> perform this authentication.
>
> Andrew Bartlett
>
> > > Hi, I am not sure if I understand your needs, but maybe this helps
> > > these links guide you to setup a pptp server and client for linux
> > > http://www.poptop.org/
> > > http://pptpclient.sourceforge.net/
> > > there are patches to use smbpasswd to auth
> > > users which are connected via pptpd
> > > and MSCHAPv2 with domain
> > > the pptp client should work for login in ras servers
> > > radius should work too ( radius auth to ldap should work )
> > > good luck
>
> --
> Andrew Bartlett [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
> Student Network Administrator, Hawker College [EMAIL PROTECTED]
> http://samba.org http://build.samba.org http://hawkerc.net
Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
On Sat, 2003-11-01 at 07:58, Ron Wahler wrote:
>
> I don't want to use a VPN to solve this one.

So this is for dial-in only?

> I am really wondering with (samba 3.x) when the linux box becomes part of
> the AD domain does it get special privileges?

Its machine trust account gains privileges to validate NTLM (and MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as any other rights you grant it.

I have been implementing a system that allows pppd to authenticate against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2.

It will find a better home sometime, but my working copy is at:

http://hawkerc.net/staff/abartlet/comp3700

It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to perform this authentication.

Andrew Bartlett

> > Hi, I am not sure if I understand your needs, but maybe this helps
> > these links guide you to setup a pptp server and client for linux
> > http://www.poptop.org/
> > http://pptpclient.sourceforge.net/
> > there are patches to use smbpasswd to auth
> > users which are connected via pptpd
> > and MSCHAPv2 with domain
> > the pptp client should work for login in ras servers
> > radius should work too ( radius auth to ldap should work )
> > good luck

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
I don't want to use a VPN to solve this one.

I am really wondering with (samba 3.x) when the linux box becomes part of the AD domain does it get special privileges?

> Hi, I am not sure if I understand your needs, but maybe this helps
> these links guide you to setup a pptp server and client for linux
> http://www.poptop.org/
> http://pptpclient.sourceforge.net/
> there are patches to use smbpasswd to auth
> users which are connected via pptpd
> and MSCHAPv2 with domain
> the pptp client should work for login in ras servers
> radius should work too ( radius auth to ldap should work )
> good luck