Hi. Windows RADIUS server died.
Alan DeKok
aland at ox.org
Tue Aug 9 23:22:17 CEST 2005
Derrick MacPherson <dmacpherson at mainframe.ca> wrote:
> I see freeradius can use ntlm_auth as well, though I'm not clear on it's
> syntax.
See radiusd.conf for an example, and the ntlm_auth docs for it's
command-line arguments.
> I have squid using the same authentication criteria as the radius
> server was using, that was based upon being in certain group. Can
> freeradius support this as well?
Sure, because FreeRADIUS doesn't care about command-line arguments
to ntlm_auth. Add ass many arguments to ntlm_auth as you want.
> ntlm_auth --helper-protocol=squid-2.5-ntlmssp
This *isn't* supported. You have to pass the username & password on
the command line, as in the examples. And if you're doing MSCHAP, you
MUST also pass the "request nt key" option, too.
> --require-membership -of=S-1-5-21-1058564242-1277044956-825688854-1337 Domain Group (2)
This is just noise to FreeRADIUS, which doesn't look at it, and
doesn't care. If ntlm_auth returns success, so does FreeRADIUS. If
it returns fail, so does FreeRADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list