Sorry, I just c/p that line from other link

here is mine

exec ntlm_auth_pap {
        wait = yes
        input_pairs = request
        shell_excape = yes
        output = none
        program = "/usr/bin/ntlm_auth --request-nt-key --domain=EXCHANGE --username=%{mschap:User-Name} --password=%{User-Password}"    
    }


should domain field be pre-windows 2000/NT name or fqdn? (domain.com)

Also, I didn't get you quite well, I am new to both linux and freeradius, should I set following

Auth-Type PAP
  {
  ntlm_auth_pap
  }

in authenticate section of /etc/freeradius/sites-enabled/inner-tunnel and /etc/freeradius/sites-available/inner-tunnel files?

Thanks for all your help

On Thu, Jun 25, 2009 at 18:43, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,

>  exec ntlm_auth_pap {
>               wait = yes
>               input_pairs = request
>               shell_escape = yes
>               output = none
>
>               program = "/path/to/ntlm_auth --username=%{User-Name} --domain=EXCHANGE --password=%{User-Password}"
                         ^^^^^^^^^^^^

i really do hope that you changed that bit to be the correct $PATH
for your ntlm_auth command

> and I edited /etc/freeradius/sites-available/default file and
> /etc/freeradius/sites-enabled/default, section authenticate to
>
> Auth-Type PAP
> {
> ntlm_auth_pap
> }

no. this is TTLS, so this is going to occur in the inner-tunnel
unless you've really cooked up your config is some wierd way.
a default install will use the inner-tunnel sites-enabled file
- put your ntlm_auth_pap stuff into that file.

> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> [suffix] No '@' in User-Name = "testuser", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
>
> Failed to authenticate the user.
> } # server inner-tunnel

see. inner-tunnel. you arent dealing with the user properly

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html