>I follow your documentation and succeed with the part "Configuring FreeRADIUS
>to use ntlm_auth"
>
>So I want to use "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP",
Why? Your client is not using mschap. If you want to test if mschap works
you can send test requests with ntradping or JRadius Simulator. But it
will be of no pratical use since your clients are doing pap.
>Do I have to keep the following line in my radiusd.conf ?
>
>exec ntlm_auth {
> wait = no
>
> program = "/path/to/ntlm_auth ntlm_auth --request-nt-key
>--domain=MYDOMAIN --username=%{mschap:User-Name}
>--password=%{User-Password}"
> }
That's one way of doing things. But you will need to force auth type
which will brake other methods.
It's better to configure AD as the ldap server and retrieve the password
from it (as NT-Password) and let freeradius pap module do
authentication. Ldap "bind as user" authentication will work for pap
requests as well then.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
