3.72. <AuthBy NTLM> Previous topic Parent topic Child topic Next topic

This clause authenticates against a Windows Domain Controller, using the ntlm_auth program, which is part of the Samba suite. For more information, see Samba website Opens in new window. ntlm_auth runs on all Unix and Linux platforms, and therefore <AuthBy NTLM> can be used on Unix or Linux to authenticate to a Windows Domain Controller.
<AuthBy NTLM> supports PAP, MSCHAP, MSCHAPV2 and EAP-MSCHAPV2 authentication. CHAP is not supported due to limitations in the Windows support for CHAP authentication.
<AuthBy NTLM> requires that ntlm_auth and winbindd, both part of Samba, are installed and configured correctly. See goodies/smb.conf.winbindd for sample configuration and installation hints.
<AuthBy NTLM> runs the Samba utility ntlm_auth as a child process in order to authenticate requests. It keeps ntlm_auth running between requests and passes it authentication information on stdin, and gets back the authentication results from stdout.
Because AuthBy NTLM requires that ntlm_auth be properly installed and configured with winbindd, it is vitally important that you confirm that ntlm_auth is working properly before trying to use AuthBy NTLM. You can test ntlm_auth like this:
ntlm_auth --username=yourusername --domain=yourdomain --password=
yourpassword
if that does not work for a valid user name and password, there is no way that AuthBy NTLM will work. Make sure ntlm_auth works first!
CAUTION
AuthBy NTLM blocks while waiting for the result output of ntlm_auth.
Tip
If you are running Radiator on Windows, and wish to authenticate to Windows Active Directory or to a Windows Domain Controller. For more information, see Section 3.58. <AuthBy LSA>.
Tip
Depending on the ownerships and permissions of certain samba files, Radiator may need to run with root permission.