"Sallee, Stephen (Jake)" <jake.sal...@umhb.edu> wrote: > Please forgive the interjection, but does anyone know of a helper > module like ntlm_auth that would work with LDAP, seems like such a > tool would make questions like this a non-issue.
No, will not work. You can't transform the normally used hashes back into a cleartext password. (This is kind of the whole point of a hash.) As long you don't have any means to provide FreeRADIUS with a cleartext password or the NT/LM-Hash, you are doomed. ntlm_auth just offloads the whole Challenge-Response exchange from the RADIUS server to the ActiveDirectory (as far as I understand it) using the ntlm_auth binary from Samba. Again: the AD will have to know the cleartext password in some way (either encrypted or somehow "pre-hashed") to make this work. (Don't know the specifics, I am a Unix guy, the only Windows near me is on my gaming computer.) Grüße, S° -- Sigmentation fault. Core dumped. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
