How do I set up simple AD integration?

King, Michael MKing at
Tue Apr 11 16:40:00 CEST 2006

> Is there a how-to or tutorial for this simple case? I have 
> searched this list and google generally. I have read the 
> articles referred to on the FreeRadius home page and several 
> others and I still can't see how the configuration works. Any 
> and all help gratefully received.
> Steve.

As for the simple how to, they're a few, but none that I would consider
easy to follow.  

  What your looking for this the following lines:  (I have two ntlm_auth
Lines, the original that is commented out, and the one that I use.  They
are long, so they will break across lines, but they are not that way in
my config file)

                # Windows sends us a username in the form of
                # DOMAIN\user, but sends the challenge response
                # based on only the user portion.  This hack
                # corrects for that incorrect behavior.
                with_ntdomain_hack = yes

                # The module can perform authentication itself, OR
                # use a Windows Domain Controller.  This configuration
                # directive tells the module to call the ntlm_auth
                # program, which will do the authentication, and return
                # the NT-Key.  Note that you MUST have "winbindd" and
                # "nmbd" running on the local machine for ntlm_auth
                # to work.  See the ntlm_auth program documentation
                # for details.
                # Be VERY careful when editing the following line!
                #ntlm_auth = "/path/to/ntlm_auth --request-nt-key
                ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge}

More information about the Freeradius-Users mailing list