James McOrmond wrote: > With that, and a few configuration options (like making sure the host > was connected to the domain and ntlm_auth functioned as required), i've > managed to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
The guides for *that* are online. > EAP-TTLS works fine with an account in the "users" file that has a clear > text password, as well as a local /etc/password account. Ideally this > should work with the ntdomain as well. Yes. You will need to configure a *separate* module to do ntlm_auth authentication via PAP. Something like: exec ntlm_auth_pap { wait = yes input_pairs = request shell_escape = yes output = none program = "/path/to/ntlm_auth --username=%{User-Name} --domain=DOMAIN --password=%{User-Password}" } See 'exec echo' example for more docs. Then in the authenticate section, do; Auth-Type PAP { ntlm_auth_pap } That will force *all* PAP requests to use ntlm_auth, but it will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html