How do I set up simple AD integration?
King, Michael
MKing at bridgew.edu
Tue Apr 11 16:40:00 CEST 2006
>
> Is there a how-to or tutorial for this simple case? I have
> searched this list and google generally. I have read the
> articles referred to on the FreeRadius home page and several
> others and I still can't see how the configuration works. Any
> and all help gratefully received.
>
> Steve.
>
As for the simple how to, they're a few, but none that I would consider
easy to follow.
What your looking for this the following lines: (I have two ntlm_auth
Lines, the original that is commented out, and the one that I use. They
are long, so they will break across lines, but they are not that way in
my config file)
# Windows sends us a username in the form of
# DOMAIN\user, but sends the challenge response
# based on only the user portion. This hack
# corrects for that incorrect behavior.
#
with_ntdomain_hack = yes
# The module can perform authentication itself, OR
# use a Windows Domain Controller. This configuration
# directive tells the module to call the ntlm_auth
# program, which will do the authentication, and return
# the NT-Key. Note that you MUST have "winbindd" and
# "nmbd" running on the local machine for ntlm_auth
# to work. See the ntlm_auth program documentation
# for details.
#
# Be VERY careful when editing the following line!
#
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
--nt-response=%{mschap:NT-Response}"
More information about the Freeradius-Users
mailing list