FreeRadius with ntlm_auth

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Dec 3 13:50:43 CET 2009


Hi,
> 
> Hi All:
> 
> My name is Charles and I need to "Configure my FreeRadius to use ntlm_auth" to authenticate NT users.
> Actually, I am getting to do this for only one NT group, but I need to do this for more NT groups.
> 
> My configuration in "radius.conf" for ntlm_auth for one NT group is:
> 
>         exec win_domain {
>                 wait = yes
>                 input_pairs = request
>                 output_pairs = reply
>                 program = "/usr/local/bin/ntlm_auth --request-nt-key --domain=COPEL --username=%{User-Name:-None} --password=%{User-Password} --require-membership-of=COPEL\\Group1"
>         }
> 
> My environment is: FreeBSD 6.2 + Samba 3.0.26a + freeradius 1.1.7
> 
> How can I do this configuration for more than one NT group? Any idea?
> Thanks,
> Charles.

does the domain come through as part of the request? if so you can simply
use the example ntlm_auth to do the substitution.

if not...well, you could do a large check table where every auth is tried
until one works....and if none work then they get rejected. bit messy
but redundant auth statements work okay and are very handy - eg for when
you migrate to a new AD system but half of users are still in the old
one or in a DB etc.

alan


