I cannot get
ntlm_auth to work within freeradius, and I hope someone can point me to the right answer, since
I've exhausted my ideas.
ntlm_auth works
manually.
The snippet from
radiusd.conf is:
mschap
{
authtype = MS-CHAP
use_mppe = yes
require_encryption = yes
require_strong = yes
#with_ntdomain_hack = no
ntlm_auth = "/opt/local/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
authtype = MS-CHAP
use_mppe = yes
require_encryption = yes
require_strong = yes
#with_ntdomain_hack = no
ntlm_auth = "/opt/local/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
When I run radiusd
-X, I see:
modcall:
entering group Auth-Type for request 2
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
What could the
problem be? I am passing a User-Password, as seen in the top of the debug
listing:
rad_recv:
Access-Request packet from host 127.0.0.1:51724, id=0,
length=69
User-Password = "12345"
User-Name = "duddley"
NAS-IP-Address = 127.0.0.1
MS-CHAP-Challenge = 0x7364666c6a333234
User-Password = "12345"
User-Name = "duddley"
NAS-IP-Address = 127.0.0.1
MS-CHAP-Challenge = 0x7364666c6a333234
Does
MS-CHAP-Use-NTLM-Auth need to be configured somewhere in the users
file? It seems to me somehow that the ntlm_auth isn't getting used at
all.
I
appreciate any advice - I haven't
found an answer after a lot of searching and trying different
things.
thanks!
-jd atkinson