James McOrmond wrote:
With that, and a few configuration options (like making sure the host was connected to the domain and ntlm_auth functioned as required), i've managed to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
The guides for *that* are online.
EAP-TTLS works fine with an account in the "users" file that has a clear text password, as well as a local /etc/password account. Ideally this should work with the ntdomain as well.
Yes. You will need to configure a *separate* module to do ntlm_auth authentication via PAP. Something like: exec ntlm_auth_pap { wait = yes input_pairs = request shell_escape = yes output = none program = "/path/to/ntlm_auth --username=%{User-Name} --domain=DOMAIN --password=%{User-Password}" } See 'exec echo' example for more docs. Then in the authenticate section, do; Auth-Type PAP { ntlm_auth_pap } That will force *all* PAP requests to use ntlm_auth, but it will work. Alan DeKok.