> Technically, this is all I need; this seems like a hacked way of doing
> things,

Well, you have to hack things if you don't want freeradius server to
autheticate users but get the result of authentication done by something

> though and I want to understand the operations of the server
> better. I commented out the pap and unix modules in
> ../sites-enabled/inner-tunnel and default and I also removed the DEFAULT
> line from the top of the users file.

You should remove unix (if you are going to use AD passwords and not local
system ones). Put pap back. Instead of forcing things in users file put
this bit of unlang *below* pap in authorize:

if(!control:Auth-Type) {
     update control {
          Auth-Type = "ntlm-auth"

If none of the standard modules don't set Auth-Type this will set ntlm_auth.

Ivan Kalik

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to