Any way for ntlm_auth + winbind to not use ms-chap?
Matthew Newton
mcn4 at leicester.ac.uk
Thu Jun 16 23:36:42 CEST 2016
On Thu, Jun 16, 2016 at 11:51:09AM -0700, Mike Ely wrote:
> I'd like to use some other auth mechanism to pass the user/pass combination
> to the radius server and have it test there without having to go through the
> MS-CHAP challenge-response rigmarole. Main reason being getting Perl on the
> NAS side to manage all the MS-CHAP stuff appears to be a new problem to
> solve, somehow.
>
> How can this be done, and why shouldn't it be?

Not sure the question makes much sense. If you're doing MSCHAP
then there is a challenge/response by definition.

What "other auth mechanism" to pass the user/password to the
RADIUS server? That's RADIUS....

If you want to tell FreeRADIUS to do MSCHAP internally and not
call ntlm_auth then set control:MS-CHAP-Use-NTLM-Auth := No (see
mods-available/mschap).

Otherwise, sorry. I don't understand what you're asking.

Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>