Re: How to authenticate users against a Windoze AD server with krb5?

--===============0085552831==
Content-Transfer-Encoding: 7bit
Content-Type: multipart/signed; boundary="nextPart4457189.5AlLqelaWb";
protocol="application/pgp-signature"; micalg=pgp-sha1

--nextPart4457189.5AlLqelaWb
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Wednesday 01 June 2005 01:08, Alan DeKok wrote:
> The rlm_krb5 module takes a clear-text password from a RADIUS
> packet, and uses it to authenticate via kerberos. This may work
> against AD, but I don't think anyone has tried it.

Ouch! I think this answers my question... this method cannot work as the=20
clear-text password is never supplied by the client. EAP-MD5 is used=20
(802.1x). So it will only supply a MD5 hash...

Can ntlm_auth handle MD5 hashes as passwords???

Any solution to this or am I forced to use a M$ compatible radius server=20
instead?

Cheers
Arne

=2D-=20
Arne G=C3=B6tje (=E9=AB=98=E7=9B=9B=E8=8F=AF) <arne@linux.org.tw>
PGP/GnuPG key: 1024D/685D1E8C
=46ingerprint: 2056 F6B7 DEA8 B478 311F 1C34 6E9F D06E 685D 1E8C
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.


--nextPart4457189.5AlLqelaWb
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBCnUEdbp/QbmhdHowRAgx2AJ44U5JAlwsgi9rxaDGpX/WxIU/Y6ACgmIaM
L4BNGXDe0hjLfVc+0a+eTbo=
=GTRP
-----END PGP SIGNATURE-----

--nextPart4457189.5AlLqelaWb--

--===============0085552831==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--===============0085552831==--