So the authentication path looks like this. Windows XP -> Access Point -> RADIUS -> LINUX/FreeRadius/samba -> (ldap) Active Directory Server.
But I want to do this with MS-CHAPv2 password encryption not PAP. I have this working with TTLS/PAP. And want to do it with PEAP/mschap Ron. > -----Original Message----- > From: Ron Wahler > Sent: Tuesday, November 04, 2003 8:04 AM > To: [EMAIL PROTECTED] > Subject: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory > > > > > The authentication request comes in over RADIUS to the linux box. > I then need a way to authenticate to Active Directory with MS-CHAPv2 > Passwords. > I currently use LDAP binds to authenticate the user, but that does not > Work with MS-CHAPv2. > > > > > -----Original Message----- > > From: Andrew Bartlett [mailto:[EMAIL PROTECTED] > > Sent: Friday, October 31, 2003 3:39 PM > > To: Ron Wahler > > Cc: [EMAIL PROTECTED] > > Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active > Directory > > > > On Sat, 2003-11-01 at 07:58, Ron Wahler wrote: > > > > > > I don't want to use a VPN to solve this one. > > > > So this is for dial-in only? > > > > > I am really wondering with (samba 3.x) when the linux box become > part of > > > The AD domain does it get a special privileges? > > > > It's machine trust account gains privileges to validate NTLM (and > > MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as > any > > other rights you grant it. > > > > I have been implementing a system that allows pppd to authenticate > > against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2. > > > > It will find a better home sometime, but my working copy is at: > > > > http://hawkerc.net/staff/abartlet/comp3700 > > > > It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to > > perform this authentication. > > > > Andrew Bartlett > > > > > > > > > > > > > Hi,i am not sure if i understand yor needs, but maybe this helps > > > > this links guide you to setup a pptp server an client for linux > > > > http://www.poptop.org/ > > > > http://pptpclient.sourceforge.net/ > > > > there are patches to use smbpasswd to auth > > > > users which are conect via pptpd > > > > and MSCHAPv2 with domain > > > > the pptp client should work for login in ras servers > > > > radius shuold work too ( radius auth to ldap should work ) > > > > good Luck > > > > > > -- > > Andrew Bartlett [EMAIL PROTECTED] > > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > > Student Network Administrator, Hawker College [EMAIL PROTECTED] > > http://samba.org http://build.samba.org http://hawkerc.net > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
