freeradius with NTLM authentication

Phil Mayers p.mayers at imperial.ac.uk
Fri Oct 22 00:06:51 CEST 2010


On 10/21/2010 10:40 PM, Ramzi Abdallah wrote:
> I have configured freeradius version 2.1.9 with mySQL backend and Active
> Directory integration (NTLM) for the purpose of using it to authenticate
> users against firewall protected policies.
>
>
> So far it’s all working. When a user hits a firewall protected policy he
> is prompted to authenticate, after which the radius server queries the AD for
> the username and password. If the user credentials are correct, access is
> granted.

What is prompting here? How is the firewall asking the user for a 
password? Is this web intercept?

If so, then the NAS is the firewall, and when a user makes an HTTP 
request, it is asking for their credentials via some kind of HTTP auth, 
then sending them to the radius server, yes?


Also, FreeRadius can't be "querying AD for the password". The LDAP 
server embedded into Active Directory will not give up the password. How 
have you got FreeRadius configured - be precise, or better yet, post the 
debug output of a successful request.

>
> The bit that I cannot figure out is how to let the Radius use NTLM to
> check if the user is already logged in to the domain controller and, if so,
> not to prompt him for his username and password via the firewall captive
> portal. Is that doable, or have I missed the idea behind the Active Directory
> integration?

I'm not sure I really understand what you want, but if I do, it's 
impossible. If you can give more details about your setup I can answer 
further, but basically the firewall is doing the prompting - the 
firewall would have to implement NTLM auth, not FreeRadius.
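For readers following this thread: the point that FreeRADIUS never "queries AD for the password" is easiest to see in the configuration itself. The fragment below is an added illustration, not configuration posted by either participant, and it assumes the stock Samba winbind layout (a domain-joined host, the `ntlm_auth` helper in `/usr/bin`, and a placeholder domain name `MYDOMAIN`). What FreeRADIUS does is hand the credential it received from the NAS to `ntlm_auth`, and winbind in turn asks a domain controller to verify it; the password hash never leaves AD. The `mschap` form covers MS-CHAPv2 challenge/response; the `exec` form covers PAP, which is what a web-intercept captive portal typically sends.

```text
# raddb/modules/mschap (2.x layout) -- MS-CHAP/MS-CHAPv2 requests.
# The NT-Response from the client is passed to winbind for verification;
# ntlm_auth returns the NT key on success and a non-zero exit on failure.
mschap {
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key \
        --domain=MYDOMAIN \
        --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} \
        --challenge=%{%{mschap:Challenge}:-00} \
        --nt-response=%{%{mschap:NT-Response}:-00}"
}

# raddb/modules/ntlm_auth (2.x layout) -- plain PAP requests, e.g. from a
# captive portal that forwards the cleartext User-Password attribute.
# Again the check is delegated to winbind; nothing is read out of LDAP.
exec ntlm_auth {
    wait = yes
    program = "/usr/bin/ntlm_auth --request-nt-key \
        --domain=MYDOMAIN \
        --username=%{mschap:User-Name} \
        --password=%{User-Password}"
}

# raddb/sites-enabled/default -- wire the PAP path in.
authorize {
    ...
    # Only for requests carrying a cleartext password (PAP); MS-CHAP
    # requests are already routed to the mschap module above.
    if (User-Password) {
        update control {
            Auth-Type := ntlm_auth
        }
    }
}

authenticate {
    Auth-Type ntlm_auth {
        ntlm_auth
    }
    mschap
}
```

Before touching the RADIUS side, the helper can be checked on its own with `ntlm_auth --request-nt-key --domain=MYDOMAIN --username=someuser --password=...`; if that fails, the problem is in winbind or the domain join, not in FreeRADIUS. This also shows why the original question has no RADIUS-side answer: both paths need a credential supplied by the NAS on every request, so "is this user already logged on to the domain" is something only the firewall (acting as an NTLM/Kerberos-aware HTTP intercept) could establish.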


