You have an authentication section.
So far we've got a plain-text password, and this is our problem: we need the nt-domain hash.
You could try commenting out the line with unix auth
and uncommenting Auth-Type LDAP, but this will probably cause other errors.
I've done this before, so Linux users with PAP auth were authenticated successfully, but truly I removed this and backed it up in the wrong place (it's gone), so I can't easily come back to this, but I don't want to.
AD is compatible with LDAP in the way we wanted.
We need Kerberos to get a ticket to get authenticated - http://www.google.pl/imgres?q=kerberos+eap&um=1&hl=pl&authuser=0&biw=1920&bih=913&tbm=isch&tbnid=4SMvBpPK_Big9M:&imgrefurl=http://anil-identity.blogspot.com/2009_02_01_archive.html&docid=xeW3QfB9c27wtM&imgurl=http://identitymeme.org/wp-content/uploads/2009/02/krbandweb-opps_06-700x366.png&w=700&h=366&ei=gUcLT5qpEcmq-AaFwL20AQ&zoom=1&iact=hc&vpx=1506&vpy=159&dur=1520&hovh=162&hovw=311&tx=119&ty=97&sig=107427534317749718724&page=1&tbnh=86&tbnw=164&start=0&ndsp=53&ved=1t:429,r:8,s:0
To get Kerberos working with AD we need to get winbind (which is in the Samba package). Winbind is a service that allows getting authenticated over a Windows PDC.
rlm_smb is interesting and worth trying.
About compiling Samba: I think someone could try to use Samba as a file-sharing server, so the firewall would be messed up.
I wanted to use Samba only for the purpose of authenticating users, and I think it is possible.
Two weeks ago I bought a new Netgear router for my workplace, upgraded it to OpenWRT and wanted to authenticate Wi-Fi via 802.1x.
As the Domain Controller shouldn't be used for this for security reasons, I decided to do it on the pfSense router. I didn't search the forum for what's going on with this package and didn't see this in the GUI, so I recompiled FreeRADIUS on a FreeBSD virtual machine and added the necessary libraries for that.
I've come here because I was exhausted from trying to get ntlm_auth to work. The Squid package has some ntlm_auth without Samba, so I assumed it is possible. Now I think my assumption was wrong.
Okay, now I'm reading about rlm_smb; maybe I'll do something with that.
One weird thing: in DD-WRT it has been there for 5 years and it is still experimental? Am I missing something?