Configuring FreeRADIUS to use ntlm_auth

charles at copel.com charles at copel.com
Mon Sep 17 16:19:41 CEST 2007


Alan:

I think that I did just some changes describes in the document  with the 
files:
the users file: it is original (I delete the testing entry used "user     Auth-Type := ntlm_auth");
the radisud.conf file: it is original with following changes:
1) the command "ntlm_auth" in the "authenticate" section;
2) the command "ntlm_auth" in the "modules" section: ntlm_auth = "/path/to/ntlm_auth --request-nt-key 
--username=%{mschap:User-Name:-None} 
--domain=%{mschap:NT-Domain:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} 
--nt-response=%{mschap:NT-Response:-00}"

Any idea ?
Thanks.
Charles.





Alan DeKok <aland at deployingradius.com>
Enviado Por: freeradius-users-bounces at lists.freeradius.org
16/09/2007 10:17
Favor responder a FreeRadius users mailing list

 
        Para:   FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
        cc: 
        cco:    Charles Alcantara Borba/COPEL
        Assunto:        Re: Configuring FreeRADIUS to use ntlm_auth


charles at copel.com wrote:
>  radtest doesn't do MS-CHAP.  The page tries to make this clear.
> ==> Sorry ... but I hadn´t understood it (I thought that just radclient
> doesn´t work). Now I know that radtest too ...

  radtest is just a shell script wrapper around radclient.

>  You've done rather a lot more than just add "ntlm_auth" to the
> "authenticate" section.  This means that the config that previously
> worked... now doesn't work.
> ==> I think this configuration is original (FreeRadius instalation´s).
> Because, in the previous test this configuration was already there. And
> the previous test works (Configuring FreeRADIUS to use ntlm_auth)!

  It's either the original FreeRADIUS config, or the one you modified to
get the previous test to work.  Which one is it?

> ==> I tried to use the working configuration with a real login, but the
> behavior is the same, it appears the message that you mencioned:
> "rad_check_password:  Found Auth-Type System"

  Yes... because your configuration for THIS test is not the same as for
the LAST test.

> Can you help me ?

  Believe me, I'm trying.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070917/a7c9c6b2/attachment.html>


More information about the Freeradius-Users mailing list