Gilmour, Scott sgilmour at enterasys.com
Wed Feb 22 16:01:16 CET 2006

Thanks for the info

Scott Gilmour
Software Engineer
Enterasys Networks
Phone: 978-684-1236
Email: sgilmour at enterasys.com
www: http://www.enterasys.com

-----Original Message-----
From: freeradius-users-bounces+sgilmour=enterasys.com at lists.freeradius.org
[mailto:freeradius-users-bounces+sgilmour=enterasys.com at lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: Wednesday, February 22, 2006 8:56 AM
To: FreeRadius users mailing list
Subject: Re: NTLM

Gilmour, Scott wrote:
> I read that you need to set up ntlm_auth to get Machine Authentication
> to work with Active Directory.
> How do I properly set up ntlm_auth to do this?

Download Samba, ensuring it is 3.0.21rc1 or later which includes the
patch Alan talks about. Compile and install samba. Read the samba
documentation. Configure your Samba server. Ensure winbindd and nmbd are
running. Join the AD domain. Ensure samba is working ("wbinfo -D
DOMAIN", "wbinfo -a username%pass" are good basic tests).

Install FreeRadius, make sure it is 1.1.0 which will strip the machine
name "host/name.domain.com" to "name". Make the following changes to the
default config:

  1. radiusd.conf: uncomment the "ntlm_auth" line in the "mschap" 
module, adjusting the "/path/to/ntlm_auth" to a real value, and setting 
the --username argument to "%{mschap:User-Name}"

  2. eap.conf: set "default_eap_type" to "peap", uncomment the "peap" 
section lower down,

That's it.
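
Added example, not part of the original message: a shell lint that checks whether the two config edits listed above were actually made, run here against constructed "default" and "edited" files. The sample file contents are constructed for illustration, and `/usr/bin/ntlm_auth` is an assumed install path.

```shell
#!/bin/sh
# Added example: lint the two config edits from the message above.
# Sample files are constructed; /usr/bin/ntlm_auth is an assumed install path.

check_mschap() {  # $1 = radiusd.conf
    line=$(grep -E '^[[:space:]]*ntlm_auth[[:space:]]*=' "$1" | head -n 1)
    [ -n "$line" ] || { echo "ntlm_auth line is still commented out" >&2; return 1; }
    case "$line" in
        */path/to/ntlm_auth*) echo "placeholder path not replaced" >&2; return 1 ;;
    esac
    case "$line" in
        *'--username=%{mschap:User-Name}'*) return 0 ;;
    esac
    echo "--username is not %{mschap:User-Name}" >&2; return 1
}

check_eap() {  # $1 = eap.conf
    # The first uncommented default_eap_type is the module-wide one; the peap
    # section carries its own inner default_eap_type further down.
    first=$(grep -E '^[[:space:]]*default_eap_type[[:space:]]*=' "$1" | head -n 1)
    case "$first" in
        *=*peap*) ;;
        *) echo "default_eap_type is not peap" >&2; return 1 ;;
    esac
    grep -Eq '^[[:space:]]*peap[[:space:]]*\{' "$1" && return 0
    echo "peap section is still commented out" >&2; return 1
}

tmp=$(mktemp -d)
cat > "$tmp/radiusd.default" <<'EOF'
mschap {
    #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
EOF
cat > "$tmp/radiusd.edited" <<'EOF'
mschap {
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
EOF
printf 'eap {\n    default_eap_type = md5\n    #peap {\n    #}\n}\n' > "$tmp/eap.default"
printf 'eap {\n    default_eap_type = peap\n    peap {\n        default_eap_type = mschapv2\n    }\n}\n' > "$tmp/eap.edited"

for f in default edited; do
    check_mschap "$tmp/radiusd.$f" && check_eap "$tmp/eap.$f" \
        && echo "$f: ok" || echo "$f: needs the edits above"
done
```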