Bruce Marriner wrote:
On all examples of setting up FreeRadius with VPN configurations against AD they all just say to basicly.. change the radiusd.conf file to turn on mppe in the mschap section and setup winbindd so it works. But I read some place that I also need EAP or.. PEAP to get this to work.
No. The documentation says that PEAP and Active Directory require ntlm_auth. ntlm_auth && VPN's do not require EAP or PEAP.
I’m not sure if that’s required and that’s my primary question right now? Does anyone know the specific things I need to setup so freeradius can authenticate via the ntlm_auth tool back to PPPD?
Get ntlm_auth working from the command line. Get ntlm_auth working for a request sent via "radtest". Make sure PPPd isn't using CHAP. It should work. ...
rad_recv: Access-Request packet from host 127.0.0.1:32774, id=123, length=94 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "supersecretuser" CHAP-Challenge = 0xafd50494421ab0f8cc743432bbd7000278ee8748078c2b CHAP-Password = 0x8a3ab7e348bc7de701db2207475d474831
Make sure PPPd isn't using CHAP. Alan DeKok.