Re: [NTISP] Moving from the NT SAM

Richard Fink ( )
Sun, 07 Mar 1999 23:18:41 -0800

At 07:51 PM 3/7/99 -0800, you wrote:
>Richard Fink wrote:
>> >You can use many of the normal utilities to extract the usernames
>> >from the NT SAM. Then you can import all of those into a RadiusNT
>> >database with WINNT as the password and the password replace option.
>> >
>> >Eventually you can get a full userlist in the database without
>> >causing any disruption of your service (or your users ever knowing).
>> How does that work Dale ? Getting the Userlist is no problem. But the NT
>Passwords are. What does RadiusNT do here ? Does it just take the "given"
>password from the user and then "make that" the Radius password ?
>> Probably not a problem, but it seems like a non-customer user could get
>one free chance to get in, in that case, thereby also mucking the real users
>real password.
>> I'll bet you've got it figured out better than that... I'd like to
>understand it though.
>Yes, it definately works better than that. :)
>The first authentication, RadiusNT sees the user's paassword as "WINNT"
>and then compares thier password against the NT SAM. If the comparison
>is correct and password replace is on, it will replace the "WIINT" with
>the user's password they typed in the first place. All authentications
>after that come from the database, and the NT SAM user entry is no loner
>used or needed.

Very cool. Thanks.


>Dale E. Reed Jr. Emerald and RadiusNT
>IEA Software, Inc.
>For more information about this list, including removal,
>see this url:

Richard Fink Tel: 415 381-0215
WorldPassage Fax: 415 381-0822
P.O.Box 2339
Mill Valley, CA 94942
WorldPassage is a communications service and Internet Service
Provider owned and operated by RainTree Computer Systems, Inc.

For more information about this list, including removal,
see this url: