NTLM
Gilmour, Scott
sgilmour at enterasys.com
Wed Feb 22 16:01:16 CET 2006
Thanks for the info
Thanks,
Scott Gilmour
Software Engineer
ENET, & ENSRT
Enterasys Networks
Phone: 978-684-1236
Email:sgilmour at enterasys.com
www: http://www.enterasys.com
-----Original Message-----
From:
freeradius-users-bounces+sgilmour=enterasys.com at lists.freeradius.org
[mailto:freeradius-users-bounces+sgilmour=enterasys.com at lists.freeradius
.org] On Behalf Of Phil Mayers
Sent: Wednesday, February 22, 2006 8:56 AM
To: FreeRadius users mailing list
Subject: Re: NTLM
Gilmour, Scott wrote:
> I read that you need to setup ntlm_auth to get Machine Authentication
to
> work with Active Directory.
>
> How do I properly set up ntlm_auth to do this?
Download Samba, ensuring it is 3.0.21rc1 or later which includes the
patch Alan talks about. Compile and install samba. Read the samba
documentation. Configure your Samba server. Ensure winbindd and nmbd are
running. Join the AD domain. Ensure samba is working ("wbinfo -D
DOMAIN", "wbinfo -a username%pass" are good basic tests)
Install FreeRadius, make sure it is 1.1.0 which will strip the machine
name "host/name.domain.com" to "name". Make the following changes to the
default config:
1. radiusd.conf: uncomment the "ntlm_auth" line in the "mschap"
module, adjusting the "/path/to/ntlm_auth" to a real value, and setting
the --username argument to "%{mschap:User-Name}"
2. eap.conf: set "default_eap_type" to "peap", uncomment the "peap"
section lower down,
That's it.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list