Re: ppp authentication windows NT domain
What he is saying is that pap should work fine with smb authentication but you can not do chap because smb uses encrypted passwd and the only way that chap will work is if the passwd is stored in plain text on the server. - Original Message - From: Miriam Benham [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 5:25 PM Subject: Re: ppp authentication windows NT domain I'm confused. What do you mean with That's not true Alan DeKok wrote: Miriam Benham [EMAIL PROTECTED] wrote: PAP works great with my existing NT domain authentication configuration, but if I use CHAP it fails. I've read that I have to create users credentials on the freeradius server if I want to use CHAP. That's not true. PAP is fine. As for why CHAP fails, see the FAQ. The problem with SMB authentication is exactly the same as for Unix authentication against /etc/passwd Question: Is there anyway around the username/password duplication on the freeradius server. Is there any way to have the password encrypted through the phone line (using CHAP) and get authenticated by the NT domain server without using password in the clear PAP. No. See the FAQ. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ppp authentication windows NT domain
Miriam Benham [EMAIL PROTECTED] wrote: PAP works great with my existing NT domain authentication configuration, but if I use CHAP it fails. I've read that I have to create users credentials on the freeradius server if I want to use CHAP. That's not true. PAP is fine. As for why CHAP fails, see the FAQ. The problem with SMB authentication is exactly the same as for Unix authentication against /etc/passwd Question: Is there anyway around the username/password duplication on the freeradius server. Is there any way to have the password encrypted through the phone line (using CHAP) and get authenticated by the NT domain server without using password in the clear PAP. No. See the FAQ. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ppp authentication windows NT domain
On Wed, Nov 13, 2002 at 03:58:48PM -0500, Alan DeKok wrote: Miriam Benham [EMAIL PROTECTED] wrote: PAP works great with my existing NT domain authentication configuration, but if I use CHAP it fails. I've read that I have to create users credentials on the freeradius server if I want to use CHAP. That's not true. PAP is fine. As for why CHAP fails, see the FAQ. The problem with SMB authentication is exactly the same as for Unix authentication against /etc/passwd Unless you're doing MS-CHAP. Then you only have implementation obstacles to overcome, rather than matters of mathematical certainty. :) -- Steve Langasek postmodern programmer msg10996/pgp0.pgp Description: PGP signature
