Alan DeKok wrote:
James McOrmond wrote:
This is a Samba NT domain, not AD. I do not have access to the plain
text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
Of course it is.. <G> I probably should have mentioned samba in the
original message.
The "Protocol and Password Compatibility" chart and the "Authenticaiton
Systems and Password Compatibility" chart from the "Deploying RADIUS:
The Book" page specifically says PAP/ntlm_auth is functional. Regular
CHAP is not because it requires the clear-text password.
The issue is convincing the database to give FreeRADIUS *something* to
use for authetnication. The web page lists ntlm_auth only because of AD
limitations.
With Samba, you just map the LDAP "ntpasswd" or "sambantpasswd"
attribute to the RADIUS attribute. See ldap.attrmap.
OK. definitely progress. It's authenticating with EAP-TTLS now as
well.. But..
Using secureW2 in the windows client - if I put anything in the DOMAIN
field, it doesn't work well - likely because my userid is still
[EMAIL PROTECTED] when it attempts to connect to ldap.
possibly I have the ntdomain hack stuff wrong? or maybe some realm
settings missing? suffix is enabled..
--
James A. McOrmond ([EMAIL PROTECTED])
Network Administrator
Xandros Corporation, Ottawa, Canada.
Morpheus: ...after a century of war I remember that which matters most:
*We are still HERE!*
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html