Hello,

I wonder whether there is a way to authenticate samba against NTLM2 enabled
radius server without using encrypt passwords = no.

I really have no other option than this. My situation is as follows.
I have an organization that runs Microsoft Windows Server 2003 which is used
as AD. This AD shares passwords with many information systems in our
organisation and I would like to use these passwords also for samba users.

Administrators of AD disagree to add my samba server to their AD. No way here.
They agree to export LDAP (without passwords), Kerberos or Radius and possibly
other services but not AD itself.

Is there a way to authenticate my samba against their authentication service?
If there is no way per-se, would it be possible to modify winbindd to
authenticate via NTLM2 against the Radius server instead of AD?

--
Lukáš Hejtmánek

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Have you tried putting the following line in the [global] section of
your smb.conf file?

client ntlmv2 auth = yes

Lukas Hejtmanek wrote:
> Hello,
>
> I wonder whether there is a way to authenticate samba against NTLM2 enabled
> radius server without using encrypt passwords = no.
>
> I really have no other option than this. My situation is as follows.
> I have an organization that runs Microsoft Windows Server 2003 which is used
> as AD. This AD shares passwords with many information systems in our
> organisation and I would like to use these passwords also for samba users.
>
> Administrators of AD disagree to add my samba server to their AD. No way here.
> They agree to export LDAP (without passwords), Kerberos or Radius and possibly
> other services but not AD itself.
>
> Is there a way to authenticate my samba against their authentication service?
> If there is no way per-se, would it be possible to modify winbindd to
> authenticate via NTLM2 against the Radius server instead of AD?
>

- --
________
Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqLDf8ACgkQup357T5MfTZPcQCfcOCy3tfJlr93q/0UyfDXwbP1
fk0An37iciENH9n71ovr0GqbnhYGcJn3
=u/SN
-----END PGP SIGNATURE-----

On Tue, Aug 18, 2009 at 04:24:31PM -0400, Robert Freeman-Day wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Have you tried putting the following line in the [global] section of
> your smb.conf file?
>
> client ntlmv2 auth = yes

and what should I put there if I want to authenticate with radius server and
not with ADS?

--
Lukáš Hejtmánek