Re: [NTISP] Moving from the NT SAM

Richard Fink ( rfink@worldpassage.net )
Sun, 07 Mar 1999 23:18:41 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Dale E. Reed Jr.: "Re: [NTISP] Moving from the NT SAM"
Next message: Michael E. Hanson: "RE: [NTISP] Any one seen this before???"

At 07:51 PM 3/7/99 -0800, you wrote:
>Richard Fink wrote:
>>
>> >You can use many of the normal utilities to extract the usernames
>> >from the NT SAM. Then you can import all of those into a RadiusNT
>> >database with WINNT as the password and the password replace option.
>> >
>> >Eventually you can get a full userlist in the database without
>> >causing any disruption of your service (or your users ever knowing).
>>
>> How does that work Dale ? Getting the Userlist is no problem. But the NT
>Passwords are. What does RadiusNT do here ? Does it just take the "given"
>password from the user and then "make that" the Radius password ?
>>
>> Probably not a problem, but it seems like a non-customer user could get
>one free chance to get in, in that case, thereby also mucking the real users
>real password.
>>
>> I'll bet you've got it figured out better than that... I'd like to
>understand it though.
>
>Yes, it definately works better than that. :)
>
>The first authentication, RadiusNT sees the user's paassword as "WINNT"
>and then compares thier password against the NT SAM. If the comparison
>is correct and password replace is on, it will replace the "WIINT" with
>the user's password they typed in the first place. All authentications
>after that come from the database, and the NT SAM user entry is no loner
>used or needed.

Very cool. Thanks.

-Ric

>--
>
>Dale E. Reed Jr. Emerald and RadiusNT
>__________________________________________
>IEA Software, Inc. www.iea-software.com
>
>For more information about this list, including removal,
>see this url: http://www.iea-software.com/maillist.html

=====================================================================
Richard Fink Tel: 415 381-0215
WorldPassage Fax: 415 381-0822
P.O.Box 2339 rfink@worldpassage.net
Mill Valley, CA 94942 http://www.worldpassage.net
WorldPassage is a communications service and Internet Service
Provider owned and operated by RainTree Computer Systems, Inc.

For more information about this list, including removal,
see this url: http://www.iea-software.com/maillist.html

Previous message: Dale E. Reed Jr.: "Re: [NTISP] Moving from the NT SAM"
Next message: Michael E. Hanson: "RE: [NTISP] Any one seen this before???"