NTLM
Phil Mayers
p.mayers at imperial.ac.uk
Wed Feb 22 14:55:46 CET 2006
Gilmour, Scott wrote:
> I read that you need to setup ntlm_auth to get Machine Authentication to
> work with Active Directory.
>
> How do I properly set up ntlm_auth to do this?

Download Samba, ensuring it is 3.0.21rc1 or later which includes the
patch Alan talks about. Compile and install Samba. Read the Samba
documentation. Configure your Samba server. Ensure winbindd and nmbd are
running. Join the AD domain. Ensure Samba is working ("wbinfo -D
DOMAIN", "wbinfo -a username%pass" are good basic tests).

Install FreeRadius, make sure it is 1.1.0 which will strip the machine
name "host/name.domain.com" to "name". Make the following changes to the
default config:

1. radiusd.conf: uncomment the "ntlm_auth" line in the "mschap"
module, adjusting the "/path/to/ntlm_auth" to a real value, and setting
the --username argument to "%{mschap:User-Name}"

2. eap.conf: set "default_eap_type" to "peap", uncomment the "peap"
section lower down.

That's it.
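
The two configuration changes described in the reply above, as an added example that is not part of the original post or of the FreeRADIUS distribution. Assumptions: the ntlm_auth path is the default prefix of a source-built Samba, the arguments other than --username follow the stock commented-out line in the default radiusd.conf, and the tls section that PEAP depends on is not shown.

```conf
# radiusd.conf, inside the "modules" section
mschap {
	# Path is an assumption (default prefix of a source-built Samba);
	# replace it with the real location of ntlm_auth on the server.
	# --username is set to %{mschap:User-Name} as described in the reply.
	ntlm_auth = "/usr/local/samba/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# eap.conf
eap {
	# Offer PEAP first instead of the default EAP type.
	default_eap_type = peap

	# tls { ... } must also be configured, because PEAP runs inside
	# a TLS tunnel (certificate settings not shown here).

	peap {
		# Inner method carried inside the PEAP tunnel.
		default_eap_type = mschapv2
	}
}
```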