[Samba] MSCHAPv2 microsoft client/linux/Active Directory

Ron Wahler ron at rovingplanet.com
Tue Nov 4 16:45:06 GMT 2003


So the authentication path looks like this.

Windows XP -> Access Point -> RADIUS -> LINUX/FreeRadius/samba  ->
(ldap) Active Directory Server.

But I want to do this with MS-CHAPv2 password encryption, not PAP.
I have this working with TTLS/PAP, and want to do it with PEAP/MSCHAP.

Ron.


> -----Original Message-----
> From: Ron Wahler
> Sent: Tuesday, November 04, 2003 8:04 AM
> To: samba at lists.samba.org
> Subject: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
> 
> 
> 
> 
> The authentication request comes in over RADIUS to the linux box.
> I then need a way to authenticate to Active Directory with MS-CHAPv2
> passwords.
> I currently use LDAP binds to authenticate the user, but that does not
> work with MS-CHAPv2.
> 
> 
> 
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > Sent: Friday, October 31, 2003 3:39 PM
> > To: Ron Wahler
> > Cc: samba at lists.samba.org
> > Subject: Re: FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
> >
> > On Sat, 2003-11-01 at 07:58, Ron Wahler wrote:
> > >
> > > I don't want to use a VPN to solve this one.
> >
> > So this is for dial-in only?
> >
> > > I am really wondering, with (samba 3.x), when the linux box becomes part of
> > > the AD domain, does it get any special privileges?
> >
> > Its machine trust account gains privileges to validate NTLM (and
> > MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as any
> > other rights you grant it.
> >
> > I have been implementing a system that allows pppd to authenticate
> > against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2.
> >
> > It will find a better home sometime, but my working copy is at:
> >
> > http://hawkerc.net/staff/abartlet/comp3700
> >
> > It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to
> > perform this authentication.
> >
> > Andrew Bartlett
> >
> > >
> > > >
> > > > Hi, I am not sure if I understand your needs, but maybe this helps.
> > > > These links guide you to set up a pptp server and client for linux:
> > > > http://www.poptop.org/
> > > > http://pptpclient.sourceforge.net/
> > > > There are patches to use smbpasswd to auth
> > > > users which are connected via pptpd
> > > > and MSCHAPv2 with domain.
> > > > The pptp client should work for logging in to ras servers.
> > > > Radius should work too (radius auth to ldap should work).
> > > > Good luck
> > > >
> > --
> > Andrew Bartlett                                 abartlet at pcug.org.au
> > Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> > Student Network Administrator, Hawker College   abartlet at hawkerc.net
> > http://samba.org     http://build.samba.org     http://hawkerc.net
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
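
The thread's two technical points (an LDAP bind cannot check MS-CHAPv2, and a domain member can hand the check to the DC through winbind's ntlm_auth) are shown together in this added example, which is not code from the thread or from the pppd patch mentioned in it. The RADIUS side only ever holds the two challenges and the 24-octet NT-Response, so it derives the 8-octet challenge hash from RFC 2759 and passes that with the response to the helper. The function names, the helper path and the domain name EXAMPLE are assumptions; the sample values are the RFC 2759 section 9.2 exchange.

```python
import hashlib
import subprocess

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || authenticator || user)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 octets each")
    return hashlib.sha1(peer_challenge + auth_challenge + username.encode()).digest()[:8]

def ntlm_auth_argv(username, domain, peer_challenge, auth_challenge, nt_response,
                   binary="/usr/bin/ntlm_auth"):  # helper path is an assumption
    """Build the helper's argument vector; no cleartext password exists at this point."""
    if len(nt_response) != 24:
        raise ValueError("NT-Response is 24 octets")
    chal = challenge_hash(peer_challenge, auth_challenge, username)
    # A list (no shell) keeps client-supplied names from being interpreted.
    return [binary, "--request-nt-key",
            f"--username={username}", f"--domain={domain}",
            f"--challenge={chal.hex()}", f"--nt-response={nt_response.hex()}"]

def parse_nt_key(stdout: str):
    """Return the 16-octet key from an 'NT_KEY: <hex>' line, or None if absent."""
    for line in stdout.splitlines():
        if line.startswith("NT_KEY: "):
            key = bytes.fromhex(line[len("NT_KEY: "):].strip())
            return key if len(key) == 16 else None
    return None

def verify(argv):
    """Run the helper on the domain member; winbind forwards the check to the DC."""
    done = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    return parse_nt_key(done.stdout) if done.returncode == 0 else None

# RFC 2759 section 9.2 sample exchange for user "User"; the domain is constructed.
PEER = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
AUTH = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
NT_RESPONSE = bytes.fromhex("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")

if __name__ == "__main__":
    print(" ".join(ntlm_auth_argv("User", "EXAMPLE", PEER, AUTH, NT_RESPONSE)))
```

`verify()` only succeeds on a host that has joined the domain and is running winbindd; the returned key is what a RADIUS server would use to derive the session keys.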


