Phil Mayers p.mayers at imperial.ac.uk
Wed Feb 22 14:55:46 CET 2006

Gilmour, Scott wrote:
> I read that you need to set up ntlm_auth to get Machine Authentication to 
> work with Active Directory.
> How do I properly set up ntlm_auth to do this?

Download Samba, ensuring it is 3.0.21rc1 or later, which includes the 
patch Alan talks about. Compile and install Samba. Read the Samba 
documentation. Configure your Samba server. Ensure winbindd and nmbd are 
running. Join the AD domain. Ensure Samba is working ("wbinfo -D 
DOMAIN", "wbinfo -a username%pass" are good basic tests).

Install FreeRADIUS; make sure it is 1.1.0, which will strip the machine 
name "host/name.domain.com" to "name". Make the following changes to the 
default config:

  1. radiusd.conf: uncomment the "ntlm_auth" line in the "mschap" 
     module, adjusting the "/path/to/ntlm_auth" to a real value, and setting 
     the --username argument to "%{mschap:User-Name}".

  2. eap.conf: set "default_eap_type" to "peap", and uncomment the "peap" 
     section lower down.

That's it.
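
The two configuration changes described above, written out as an added example that is not part of the original post. It assumes the FreeRADIUS 1.1.x default file layout; "/path/to/ntlm_auth" is the placeholder from the default config and all settings not shown are left at their defaults.

```conf
# --- radiusd.conf, inside the existing modules { } section ---
mschap {
    # Uncommented ntlm_auth line. Replace /path/to/ntlm_auth with the
    # location where your Samba build installed the binary (assumption:
    # the path differs per install, so it is left as the placeholder).
    #
    # --username is set to %{mschap:User-Name} as the post instructs, so
    # the machine name is passed to winbindd in the stripped form rather
    # than as "host/name.domain.com".
    #
    # radiusd runs ntlm_auth on every MS-CHAP exchange, so the account
    # radiusd runs as must be able to reach winbindd's privileged pipe;
    # grant that access to the radiusd account only.
    ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# --- eap.conf ---
eap {
    # Offer PEAP first to supplicants.
    default_eap_type = peap

    # PEAP runs inside a TLS tunnel, so it depends on the tls { } section
    # of this file being configured with the server certificate and key.

    # The "peap" section lower down, uncommented. The inner method is
    # MS-CHAPv2, which is what hands the challenge/response to the
    # mschap module above.
    peap {
        default_eap_type = mschapv2
    }
}
```

Starting the server in debug mode with `radiusd -X` shows the exact ntlm_auth command line it expands for each request, which is the quickest way to confirm the machine name is being passed in the expected form.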
