Hi,
exec ntlm_auth_pap { wait = yes input_pairs = request shell_escape = yes output = none
program = "/path/to/ntlm_auth --username=%{User-Name} --domain=EXCHANGE --password=%{User-Password}" ^^^^^^^^^^^^
i really do hope that you changed that bit to be the correct $PATH for your ntlm_auth command
and I edited /etc/freeradius/sites-available/default file and /etc/freeradius/sites-enabled/default, section authenticate to
Auth-Type PAP { ntlm_auth_pap }
no. this is TTLS, so this is going to occur in the inner-tunnel unless you've really cooked up your config is some wierd way. a default install will use the inner-tunnel sites-enabled file - put your ntlm_auth_pap stuff into that file.
server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user. } # server inner-tunnel
see. inner-tunnel. you arent dealing with the user properly alan