ntlm fall-through

Stieven.Struyf at komatsu.eu
Wed Dec 20 09:06:45 CET 2006


Alan,
A month ago I configured ntlm authentication for our internal wifi users.
This works fine, but now I also needed to give access to some external
consultants who didn't have an AD account.
I found a solution, however, by using the "MS-Chap-Use-NTLM-Auth := 0"
variable for those users (but it would be nice if it would automatically
fall through when no AD account was found).

Btw, I'm new to the (for me) more advanced features/internals of
(free)radius; thanks for explaining it to me.

Stieven Struyf
M.I.S. Division - System Operations 
Komatsu Europe International NV
Mechelsesteenweg 586
B-1800 Vilvoorde
Stieven.Struyf at komatsu.eu
Tel. +32 (0)2 2552551

freeradius-users-bounces+stieven.struyf=komatsu.eu at lists.freeradius.org 
wrote on 12/19/2006 08:24:55 PM:

> Stieven.Struyf at komatsu.eu wrote:
> > 
> > All,
> > Does anyone know how I can configure ntlm fall-through, e.g. try to
> > authenticate the user locally (via password entry in users file)
> 
>   No, the "users" file doesn't authenticate anyone.  It just adds a
> "known good" password to the request.  Some other module takes care of
> authenticating the user.
> 
> > and if
> > the user isn't found use ntlm-auth (or first ntlm and afterwards userfile
> > is also ok)?
> > If I comment out the ntlm-auth line in the mschap section of
> > radiusd.conf the user is authenticated locally.
> 
>   See doc/configurable_failover.  You should be able to add a statement
> to the "authenticate" section saying "try FOO, and if that fails, try BAR".
> 
>   This is really not a recommended configuration, however.  It is
> difficult to make it work well.
> 
>   Perhaps you could say *why* you need this, rather than asking how to
> implement a particular solution.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog