Hi. Windows RADIUS server died.

Alan DeKok aland at ox.org
Tue Aug 9 23:22:17 CEST 2005


Derrick MacPherson <dmacpherson at mainframe.ca> wrote:
> I see freeradius can use ntlm_auth as well, though I'm not clear on it's
> syntax.

  See radiusd.conf for an example, and the ntlm_auth docs for it's
command-line arguments.

> I have squid using the same authentication criteria as the radius
> server was using, that was based upon being in certain group. Can
> freeradius support this as well?

  Sure, because FreeRADIUS doesn't care about command-line arguments
to ntlm_auth.  Add ass many arguments to ntlm_auth as you want.

> ntlm_auth --helper-protocol=squid-2.5-ntlmssp

  This *isn't* supported.  You have to pass the username & password on
the command line, as in the examples.  And if you're doing MSCHAP, you
MUST also pass the "request nt key" option, too.

> --require-membership  -of=S-1-5-21-1058564242-1277044956-825688854-1337 Domain Group (2)

  This is just noise to FreeRADIUS, which doesn't look at it, and
doesn't care.  If ntlm_auth returns success, so does FreeRADIUS.  If
it returns fail, so does FreeRADIUS.

  Alan DeKok.




More information about the Freeradius-Users mailing list