FreeRADIUS and Active Directory

Mike Loosbrock m-loosbrock at bethel.edu
Fri Feb 20 14:51:03 CET 2009


On Feb 19, 2009, at 11:11 AM, Tomas wrote:
> Do I need to change my modules/mschap config? Currently I have:
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

As Ivan alluded to earlier, you need to use '--username=%{mschap:User-Name}'
in your ntlm_auth command-line. The mschap module automagically
turns 'host/PC1.ad.lab.com' into 'PC1$' (the username that AD uses to
authenticate the machine). You may also need to specify the domain
with '--domain=%{mschap:NT-Domain}'.

Mike Loosbrock
Bethel University Network Services
651-638-6723
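
The change described in this reply, applied to the ntlm_auth line quoted from Tomas, as an added example that is not part of the original message. The surrounding `mschap { }` block is assumed from the modules/mschap file he mentions; the `--domain` argument is the optional one from the reply.

```conf
# modules/mschap (assumed layout; only the ntlm_auth line comes from the thread)
mschap {
    # Before: the username is taken from the RADIUS User-Name, so a machine
    # account arrives at ntlm_auth as 'host/PC1.ad.lab.com'.
    # ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

    # After: the mschap module supplies the name, turning
    # 'host/PC1.ad.lab.com' into 'PC1$'. --domain is added only if needed.
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
```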