James McOrmond wrote:
> With that, and a few configuration options (like making sure the host
> was connected to the domain and ntlm_auth functioned as required), I've
> managed to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
The guides for *that* are online.
> EAP-TTLS works fine with an account in the "users" file that has a clear
> text password, as well as a local /etc/password account. Ideally this
> should work with the ntdomain as well.
Yes. You will need to configure a *separate* module to do ntlm_auth
authentication via PAP.
Something like:

    exec ntlm_auth_pap {
        wait = yes
        input_pairs = request
        shell_escape = yes
        output = none
        program = "/path/to/ntlm_auth --username=%{User-Name} --domain=DOMAIN --password=%{User-Password}"
    }

See 'exec echo' example for more docs.
Then in the authenticate section, do:

    Auth-Type PAP {
        ntlm_auth_pap
    }

That will force *all* PAP requests to use ntlm_auth, but it will work.
Alan DeKok.
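
Added example, not part of the message above and not FreeRADIUS or Samba code: the module as posted expands %{User-Password} into the ntlm_auth command line, where it is readable in the process list while the program runs. The hypothetical wrapper below, which the exec module's `program` would point at instead, feeds the credentials to ntlm_auth on stdin using its `squid-2.5-basic` helper protocol. Assumptions: `shell_escape = yes` exports the request as `USER_NAME="..."` and `USER_PASSWORD="..."` with the values in double quotes, the user is looked up in winbind's default domain, and no escaping inside the value needs undoing.

```shell
#!/bin/sh
# Hypothetical wrapper for the exec module (added example, not from the post).
# Assumed input: environment variables USER_NAME and USER_PASSWORD, each value
# wrapped in double quotes by shell_escape = yes.
NTLM_AUTH="${NTLM_AUTH:-/path/to/ntlm_auth}"   # same placeholder path as the post

# Remove the surrounding double quotes added by shell_escape.
strip_quotes() {
    v=${1#\"}
    v=${v%\"}
    printf '%s' "$v"
}

# Percent-encode every byte. The helper protocol is one "user password" line,
# and ntlm_auth URL-decodes both fields, so spaces in a password survive.
pct_encode() {
    printf '%s' "$1" | od -An -tx1 | tr -d ' \n' | sed 's/../%&/g'
}

# Returns 0 only when ntlm_auth answers "OK"; empty fields are refused early.
ntlm_pap_check() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    reply=$(printf '%s %s\n' "$(pct_encode "$1")" "$(pct_encode "$2")" |
        "$NTLM_AUTH" --helper-protocol=squid-2.5-basic 2>/dev/null)
    case $reply in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Entry point when run by the exec module: exit status 0 accepts the request,
# anything else rejects it.
if [ -n "${USER_NAME:-}" ]; then
    ntlm_pap_check "$(strip_quotes "$USER_NAME")" \
                   "$(strip_quotes "${USER_PASSWORD:-}")"
    exit $?
fi
```

The wrapper should be readable and executable only by the account the RADIUS server runs as.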