1. Added "user Auth-Type := ntlm_auth" to users file in /usr/local/etc/raddb
But your user is called test.
2. Added "ntlm_auth" into authenticate of default and inner-tunnel of sites-enabled directory
authenticate { ntlm_auth
Auth-Type PAP { pap } .. .. .. }
3. Added into exec file in modules directory: "exec ntlm_auth { wait = yes program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=TEST --username=%{mschap:User-Name} --password=%{User-Password}" }"
where domain is TEST
4. I did not enable ntlm for mschap yet
5. Ran radiusd -X and has no errors, and I extracted some information:
server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Instantiating ntlm_auth exec ntlm_auth { wait = yes program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=TEST --username=%{mschap:User-Name} --password=%{User-Password}" input_pairs = "request" shell_escape = yes }
6. I tried to do a SSH authentication with pam-radius and it was not successful... rad_recv: Access-Request packet from host 127.0.0.1 port 26805, id=72, length=86 User-Name = "test" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Identifier = "sshd" NAS-Port = 25780 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = "10.0.0.151" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop
No match in files. Fix users file entry. Ivan Kalik Kalik Informatika ISP