Hi all, I have set up FreeRADIUS (v.2.1.10) to do password authentication from a MySQL database and it works fine, but now I need to make some users able to authenticate against Active Directory accounts. I’ve set up winbind to authenticate Windows accounts and it works, but as a result FreeRADIUS lost the ability to authenticate against the local database.
So if I comment out the line:

    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

in the /modules/mschap file, then local database authentication works fine but Active Directory doesn’t. With ntlm_auth uncommented, Active Directory works but the local database doesn’t. The WiFi access points query the RADIUS server using WPA-Enterprise, so passwords are encrypted in EAP messages and there is no other way to validate the passwords; it has to go through the mschap module anyway. Is there a way to tell mschap to use ntlm_auth depending on a field in the MySQL table, and to use the internal mechanisms if plain-text passwords are available in the MySQL table?