PAP against winbind

Matthew Newton mcn4 at
Wed Jun 1 00:02:44 CEST 2016


Have done a bit of work on rlm_pap and added the ability to pass
the username/password through to AD via winbind, complementing the
code in rlm_mschap and replacing the need for mods-available/ntlm_auth.

This should mostly help people permitting EAP-TTLS/PAP as one of
their available methods, as another call out to ntlm_auth can be
avoided, and it's convenient to use the same setup as rlm_mschap
rather than e.g. having to configure ldap as well.

rlm_mschap isn't the best place for this, and it doesn't seem
entirely fitting with rlm_pap either, so if anyone's got
suggestions for a better place for it then shout...

So, only password changes to go, then ntlm_auth can be done away
with entirely :-)



Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Devel mailing list