So the authentication path looks like this.
Windows XP - Access Point - RADIUS - LINUX/FreeRadius/samba -
(ldap) Active Directory Server.
But I want to do this with MS-CHAPv2 password encryption not PAP.
I have this working with TTLS/PAP. And want to do it with PEAP/mschap
Ron.
-Original Message-
From: Ron Wahler
Sent: Tuesday, November 04, 2003 8:04 AM
To: [EMAIL PROTECTED]
Subject: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
The authentication request comes in over RADIUS to the linux box.
I then need a way to authenticate to Active Directory with MS-CHAPv2
Passwords.
I currently use LDAP binds to authenticate the user, but that does not
Work with MS-CHAPv2.
-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 3:39 PM
To: Ron Wahler
Cc: [EMAIL PROTECTED]
Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active
Directory
On Sat, 2003-11-01 at 07:58, Ron Wahler wrote:
I don't want to use a VPN to solve this one.
So this is for dial-in only?
I am really wondering with (samba 3.x) when the linux box become
part of
The AD domain does it get a special privileges?
It's machine trust account gains privileges to validate NTLM (and
MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as
any
other rights you grant it.
I have been implementing a system that allows pppd to authenticate
against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2.
It will find a better home sometime, but my working copy is at:
http://hawkerc.net/staff/abartlet/comp3700
It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to
perform this authentication.
Andrew Bartlett
Hi,i am not sure if i understand yor needs, but maybe this helps
this links guide you to setup a pptp server an client for linux
http://www.poptop.org/
http://pptpclient.sourceforge.net/
there are patches to use smbpasswd to auth
users which are conect via pptpd
and MSCHAPv2 with domain
the pptp client should work for login in ras servers
radius shuold work too ( radius auth to ldap should work )
good Luck
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba