Active Directory Integration

Ivan Kalik tnt at kalik.net
Wed Jul 2 14:50:04 CEST 2008


>I follow your documentation and succeed with the part "Configuring FreeRADIUS to use ntlm_auth"
>
>So I want to use "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP",

Why? Your client is not using mschap. If you want to test if mschap works
you can send test requests with ntradping or JRadius Simulator. But it
will be of no practical use since your clients are doing pap.


>Do I have to keep the following line in my radiusd.conf ?
>
>exec ntlm_auth {
>                wait = no
> 
>              program = "/path/to/ntlm_auth ntlm_auth --request-nt-key
>--domain=MYDOMAIN --username=%{mschap:User-Name}
>--password=%{User-Password}"
>        }

That's one way of doing things. But you will need to force auth type
which will break other methods.

It's better to configure AD as the ldap server and retrieve the password
from it (as NT-Password) and let freeradius pap module do
authentication. Ldap "bind as user" authentication will work for pap
requests as well then.

Ivan Kalik
Kalik Informatika ISP



