Everything works as expected.
Right now on our production server we are using LDAP to store the user credentials. We would like to achieve a smooth transition to the new authentication method. So want to configure freeradius to authenticate with ntlm_auth just in the cases when there is not ClearText-Password available, but we do not know how to do it.
Using instructions from modules/mschap:
# If ntlm_auth is configured below, then the mschap
# module will call ntlm_auth for every MS-CHAP
# authentication request. If there is a cleartext
# or NT hashed password available, you can set
# "MS-CHAP-Use-NTLM-Auth := No" in the control items,
# and the mschap module will do the authentication itself,
# without calling ntlm_auth.
We were able to bypass the ntlm_auth on some users/groups defining on the users file the control item "MS-CHAP-Use-NTLM-Auth := No".
But is there a way to configure freeradius such that if Cleartext-Password password is available it uses it, and otherwise it uses ntlm_auth to authenticate?
Thank you so much for your help.
Regards,