The authentication request comes in over RADIUS to the linux box.
I then need a way to authenticate to Active Directory with MS-CHAPv2
Passwords.
I currently use LDAP binds to authenticate the user, but that does not
Work with MS-CHAPv2.
> -----Original Message-----
> From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 3:39 PM
> To: Ron Wahler
> Cc: [EMAIL PROTECTED]
> Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active
Directory
>
> On Sat, 2003-11-01 at 07:58, Ron Wahler wrote:
> >
> > I don't want to use a VPN to solve this one.
>
> So this is for dial-in only?
>
> > I am really wondering with (samba 3.x) when the linux box become
part of
> > The AD domain does it get a special privileges?
>
> It's machine trust account gains privileges to validate NTLM (and
> MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as
any
> other rights you grant it.
>
> I have been implementing a system that allows pppd to authenticate
> against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2.
>
> It will find a better home sometime, but my working copy is at:
>
> http://hawkerc.net/staff/abartlet/comp3700
>
> It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to
> perform this authentication.
>
> Andrew Bartlett
>
> >
> > >
> > > Hi,i am not sure if i understand yor needs, but maybe this helps
> > > this links guide you to setup a pptp server an client for linux
> > > http://www.poptop.org/
> > > http://pptpclient.sourceforge.net/
> > > there are patches to use smbpasswd to auth
> > > users which are conect via pptpd
> > > and MSCHAPv2 with domain
> > > the pptp client should work for login in ras servers
> > > radius shuold work too ( radius auth to ldap should work )
> > > good Luck
> > >
> --
> Andrew Bartlett [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
> Student Network Administrator, Hawker College [EMAIL PROTECTED]
> http://samba.org http://build.samba.org http://hawkerc.net
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba