FW: [Samba] MSCHAPv2 microsoft client/linux/Active Directory
Andrew Bartlett
abartlet at samba.org
Fri Oct 31 22:38:36 GMT 2003
On Sat, 2003-11-01 at 07:58, Ron Wahler wrote:
>
> I don't want to use a VPN to solve this one.
So this is for dial-in only?
> I am really wondering with (samba 3.x) when the linux box become part of
> The AD domain does it get a special privileges?
It's machine trust account gains privileges to validate NTLM (and
MSCHAP/MSCHAPv2) authentication attempts against the DC, as well as any
other rights you grant it.
I have been implementing a system that allows pppd to authenticate
against an NT (and AD) domain controller, using MSCHAP/MSCHAPv2.
It will find a better home sometime, but my working copy is at:
http://hawkerc.net/staff/abartlet/comp3700
It is a patch for pppd, to use Samba 3.0's winbind, and ntlm_auth to
perform this authentication.
Andrew Bartlett
>
> >
> > Hi,i am not sure if i understand yor needs, but maybe this helps
> > this links guide you to setup a pptp server an client for linux
> > http://www.poptop.org/
> > http://pptpclient.sourceforge.net/
> > there are patches to use smbpasswd to auth
> > users which are conect via pptpd
> > and MSCHAPv2 with domain
> > the pptp client should work for login in ras servers
> > radius shuold work too ( radius auth to ldap should work )
> > good Luck
> >
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031101/18265693/attachment.bin
More information about the samba
mailing list