On Thu, Jul 22, 2004 at 05:28:52PM -0400, Alan DeKok wrote: > Dave Mussulman <[EMAIL PROTECTED]> wrote: > > My question is: what are my authentication options with mschapv2? > > Clear-text passwords, or nt passwords. > > > I believe I would prefer FreeRADIUS to authenticate off > > of our Windows Active Directory domain, > > Nope. AD won't supply passwords. Use ntlm_auth.
Thanks for the pointer. Knock on wood, I think I have things working. This project is really amazing, and it's gotten really easy to setup EAP. That's a big credit to its maintainers. There's one more feature I'd like to configure before going into production. I'd like to authenticate locally (off the users file, and in production a mysql database,) and if that fails (user missing, etc.) fall back on the mschap/ntlm_auth scheme. What's the best way to set that up? Do I need the failover configurations, or special instructions in the users file, or special ordering in the authorize/authenticate section? The EAP tunneling has me confused where it gets its order from. Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
