Nathan McDavit-Van Fleet wrote: > Can someone maybe describe exactly what's happening internally?
The debug output shows exactly what it is doing, and often also shows why. > From my > understanding it should be checking "files" as per the setup in > "inner-tunnel" which is what mschap uses. I made sure that "files" appeared > before mschap in "inner-tunnel" but it has no effect; ntlm_auths still work > and "files" aren't. See the FAQ for "it doesn't work". You've also confused authorization with authentication. They're different. > Past that I'm not sure what I can do. Since files work without ntlm_auth, I > have no reason to believe I have to insert "files" anyplace new, and I'm not > certain what it is I should disable. It should just check files before > ntlm_auth. You've confused two independent things. The "files" module does things like "set the 'known good' password". Any "ntlm_auth" module involves checking the password in the packet against Active Directory. They are *completely* different operations. For Active Directory instructions, see: http://deployingradius.com/documents/configuration/active_directory.html > If I implemented anything using unlang it would be checking files before > ntlm_auth. It already does that in the default configuration. You are stuck because you are focussed on a particular implementation: "files before ntlm_auth". The statement (and question behind it) are wrong. Instead, state what you want to do. The rest should be relatively simple. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html