On 10/03/10 15:52, Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
Hi, I've included the ntlm_auth command line - is that what you meant by
can you cut and past your ntlm_auth line
ntlm_auth --request-nt-key --domain=XXX.local --username=XXX password: NT_STATUS_OK: Success (0x0)
======================================= The /etc./raddb/modules/ntlm_auth file: # -*- text -*- # # $Id$ # NTLM module # # To authenticate requests using AD. #
ntlm_auth { wait = yes program = "/usr/bin/ntlm_auth --request-nt-key --domain=XXX --username=%{mschap:User-Name} --password=%{User-Password}" }
This is wrong. The syntax is: module { options } ...or: module instance-name { options } So you want: exec ntlm_auth { options } The "--request-nt-key" option is redundant when doing plaintext user/password check combos - it only applies to NTLM challenge/response. Also, you are aware this config will only authenticate PAP requests, yes?