----- Original Message -----
From: Dale E. Reed Jr. <daler@iea-software.com>
To: <ntisp@iea-software.com>
Sent: Sunday, March 07, 1999 9:51 PM
Subject: Re: [NTISP] Moving from the NT SAM
>Richard Fink wrote:
>>
>> >You can use many of the normal utilities to extract the usernames
>> >from the NT SAM. Then you can import all of those into a RadiusNT
>> >database with WINNT as the password and the password replace option.
>> >
>> >Eventually you can get a full userlist in the database without
>> >causing any disruption of your service (or your users ever knowing).
>>
>> How does that work Dale ? Getting the Userlist is no problem. But the
NT Passwords are. What does RadiusNT do here ? Does it just take the
"given" password from the user and then "make that" the Radius password ?
>>
>> Probably not a problem, but it seems like a non-customer user could get
one free chance to get in, in that case, thereby also mucking the real users
real password.
>>
>> I'll bet you've got it figured out better than that... I'd like to
understand it though.
>
>Yes, it definately works better than that. :)
>
>The first authentication, RadiusNT sees the user's paassword as "WINNT"
>and then compares thier password against the NT SAM. If the comparison
>is correct and password replace is on, it will replace the "WIINT" with
>the user's password they typed in the first place. All authentications
>after that come from the database, and the NT SAM user entry is no loner
>used or needed.
>
>--
>
>Dale E. Reed Jr. Emerald and RadiusNT
>__________________________________________
>IEA Software, Inc. www.iea-software.com
>
>For more information about this list, including removal,
>see this url: http://www.iea-software.com/maillist.html
>
For more information about this list, including removal,
see this url: http://www.iea-software.com/maillist.html