Help configuring FreeRadius with PPPD and ntlm_auth
Alan DeKok
aland at deployingradius.com
Mon Aug 20 18:04:54 CEST 2007
Bruce Marriner wrote:
> On all examples of setting up FreeRadius with VPN configurations against AD they all just say to basicly.. change the radiusd.conf file to turn on mppe in the mschap section and setup winbindd so it works. But I read some place that I also need EAP or.. PEAP to get this to work.
No. The documentation says that PEAP and Active Directory require
ntlm_auth. ntlm_auth && VPN's do not require EAP or PEAP.
> I’m not sure if that’s required and that’s my primary question right now? Does anyone know the specific things I need to setup so freeradius can authenticate via the ntlm_auth tool back to PPPD?
Get ntlm_auth working from the command line.
Get ntlm_auth working for a request sent via "radtest".
Make sure PPPd isn't using CHAP.
It should work.
...
> rad_recv: Access-Request packet from host 127.0.0.1:32774, id=123, length=94
> Service-Type = Framed-User
> Framed-Protocol = PPP
> User-Name = "supersecretuser"
> CHAP-Challenge = 0xafd50494421ab0f8cc743432bbd7000278ee8748078c2b
> CHAP-Password = 0x8a3ab7e348bc7de701db2207475d474831
Make sure PPPd isn't using CHAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list