Hi all,
I have set up Freeradius (v.2.1.10) to do password authentication from
MySQL database and it works fine but now I need to make some users be able
to authenticate against Active directory accounts. I’ve setup winbind to
authenticate windows accounts and it works but as a result freeradius lost
ability to authenticate by local database.
So if I comment the line:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
in /modules/mschap file then local database authentication works fine but
Active directory doesn’t. With uncommented ntlm_auth Active directory works
but local database doesn’t.
The WiFi access points that queries the radius using WPA-Enterprise, so
passwords encrypted in EAP messages and so there is no another way to
validate the passwords, it have to go through mschap module anyway.
Is there a way to tell mschap to use ntlm_auth depending on field in MySQL
table and use the internal mechanisms if plain text passwords available in
the MySQL table?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
