RE: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
Agreed this would be nice and the only option at this point Is to proxy the radius request to IAS. Is there a link to read up on ntlm_auth ? Ron. -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 3:33 PM To: Ron Wahler Cc: [EMAIL PROTECTED] Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory On Tue, Nov 04, 2003 at 08:04:07AM -0700, Ron Wahler wrote: The authentication request comes in over RADIUS to the linux box. I then need a way to authenticate to Active Directory with MS-CHAPv2 Passwords. I currently use LDAP binds to authenticate the user, but that does not Work with MS-CHAPv2. Your options are to either use the MS RADIUS server (IAS I think it is called) or to help create a plugin from FreeRADIUS that calls ntlm_auth. I don't think it could be really that hard... I want to see this work, so if there is any help I can provide (in particular on how to use ntlm_auth) then just yell. The same applied to any FreeRADIUS developers you manage to rope into this :-) Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
On Wed, Nov 05, 2003 at 07:21:50AM -0700, Ron Wahler wrote: Agreed this would be nice and the only option at this point Is to proxy the radius request to IAS. Or to 'fix' FreeRADIUS. :-) Is there a link to read up on ntlm_auth ? There is a manpage, which is better in Samba 3.0.0pre1. Other than that, read the source in source/utils/ntlm_auth.c and my paper that I quoated at the start of this thread. http://hawkerc.net/staff/abartlet/comp3700 Andrew Barltett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
The authentication request comes in over RADIUS to the linux box. I then need a way to authenticate to Active Directory with MS-CHAPv2 Passwords. I currently use LDAP binds to authenticate the user, but that does not Work with MS-CHAPv2. -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Friday, October 31, 2003 3:39 PM To: Ron Wahler Cc: [EMAIL PROTECTED] Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory On Sat, 2003-11-01 at 07:58, Ron Wahler wrote: I don't want to use a VPN to solve this one. So this is for dial-in only? I am really wondering with (samba 3.x) when the linux box become part of The AD domain does it get a special privileges? It's machine trust account gains privileges to validate NTLM (and MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as any other rights you grant it. I have been implementing a system that allows pppd to authenticate against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2. It will find a better home sometime, but my working copy is at: http://hawkerc.net/staff/abartlet/comp3700 It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to perform this authentication. Andrew Bartlett Hi,i am not sure if i understand yor needs, but maybe this helps this links guide you to setup a pptp server an client for linux http://www.poptop.org/ http://pptpclient.sourceforge.net/ there are patches to use smbpasswd to auth users which are conect via pptpd and MSCHAPv2 with domain the pptp client should work for login in ras servers radius shuold work too ( radius auth to ldap should work ) good Luck -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
On Tue, Nov 04, 2003 at 08:04:07AM -0700, Ron Wahler wrote: The authentication request comes in over RADIUS to the linux box. I then need a way to authenticate to Active Directory with MS-CHAPv2 Passwords. I currently use LDAP binds to authenticate the user, but that does not Work with MS-CHAPv2. Your options are to either use the MS RADIUS server (IAS I think it is called) or to help create a plugin from FreeRADIUS that calls ntlm_auth. I don't think it could be really that hard... I want to see this work, so if there is any help I can provide (in particular on how to use ntlm_auth) then just yell. The same applied to any FreeRADIUS developers you manage to rope into this :-) Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
I don't want to use a VPN to solve this one. I am really wondering with (samba 3.x) when the linux box become part of The AD domain does it get a special privileges? Hi,i am not sure if i understand yor needs, but maybe this helps this links guide you to setup a pptp server an client for linux http://www.poptop.org/ http://pptpclient.sourceforge.net/ there are patches to use smbpasswd to auth users which are conect via pptpd and MSCHAPv2 with domain the pptp client should work for login in ras servers radius shuold work too ( radius auth to ldap should work ) good Luck -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
On Sat, 2003-11-01 at 07:58, Ron Wahler wrote: I don't want to use a VPN to solve this one. So this is for dial-in only? I am really wondering with (samba 3.x) when the linux box become part of The AD domain does it get a special privileges? It's machine trust account gains privileges to validate NTLM (and MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as any other rights you grant it. I have been implementing a system that allows pppd to authenticate against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2. It will find a better home sometime, but my working copy is at: http://hawkerc.net/staff/abartlet/comp3700 It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to perform this authentication. Andrew Bartlett Hi,i am not sure if i understand yor needs, but maybe this helps this links guide you to setup a pptp server an client for linux http://www.poptop.org/ http://pptpclient.sourceforge.net/ there are patches to use smbpasswd to auth users which are conect via pptpd and MSCHAPv2 with domain the pptp client should work for login in ras servers radius shuold work too ( radius auth to ldap should work ) good Luck -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
