As I said some days ago in this list, we have configured our freeradius server to use ntlm_auth for autentication following the document:
http://deployingradius.com/documents/configuration/active_directory.html
Everything is working as expected. Thanks!
But I have some doubts about that documentation.
In section "Configuring FreeRADIUS to use ntlm_auth" is said to "to list ntlm_auth in the authenticate sections of each the raddb/sites-enabled/default file, and of the raddb/sites-enabled/inner-tunnel file."
I have made some tests and it seems that is not needed to add it, as freeradius is using mschap module to autenticate.
+- entering group MS-CHAP {...}
[mschap] Client is using MS-CHAPv1 with NT-Password
[mschap] expand: %{Stripped-User-Name} -> oscarrdg
[mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=oscarrdg
[mschap] mschap1: b9
[mschap] expand: %{mschap:Challenge} -> b9415739df3a9c1b
[mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=b9415739df3a9c1b
[mschap] expand: %{mschap:NT-Response} -> 2d41aa6d7e87e086dfc2920f2234b58ca1f6efe2c71505b8
[mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=2d41aa6d7e87e086dfc2920f2234b58ca1f6efe2c71505b8
Exec-Program output: NT_KEY: 312D5366FF0179461F1E13FA4AECD06A
Exec-Program-Wait: plaintext: NT_KEY: 312D5366FF0179461F1E13FA4AECD06A
Exec-Program: returned: 0
[mschap] adding MS-CHAPv1 MPPE keys
++[mschap] returns ok
Is there anything else to take into account considering adding that section to the virtual servers configuration or not? Or is it just needed when Auth-Type is set to ntlm_auth manually in order to test the system?
I usually prefer to let config files as similar to the default files as posible.
Thank you so much for your help.
Regards,