Derrick MacPherson <[EMAIL PROTECTED]> wrote: > I see freeradius can use ntlm_auth as well, though I'm not clear on it's > syntax.
See radiusd.conf for an example, and the ntlm_auth docs for it's command-line arguments. > I have squid using the same authentication criteria as the radius > server was using, that was based upon being in certain group. Can > freeradius support this as well? Sure, because FreeRADIUS doesn't care about command-line arguments to ntlm_auth. Add ass many arguments to ntlm_auth as you want. > ntlm_auth --helper-protocol=squid-2.5-ntlmssp This *isn't* supported. You have to pass the username & password on the command line, as in the examples. And if you're doing MSCHAP, you MUST also pass the "request nt key" option, too. > --require-membership -of=S-1-5-21-1058564242-1277044956-825688854-1337 > Domain Group (2) This is just noise to FreeRADIUS, which doesn't look at it, and doesn't care. If ntlm_auth returns success, so does FreeRADIUS. If it returns fail, so does FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
