EAP-TTLS (PAP) not working with NT domain - debian freeradius 1.1.7
Alan DeKok
aland at deployingradius.com
Fri Mar 21 15:43:03 CET 2008
James McOrmond wrote:
> With that, and a few configuration options (like making sure the host
> was connected to the domain and ntlm_auth functioned as required), I've
> managed to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
The guides for *that* are online.
> EAP-TTLS works fine with an account in the "users" file that has a clear
> text password, as well as a local /etc/password account. Ideally this
> should work with the ntdomain as well.
Yes. You will need to configure a *separate* module to do ntlm_auth
authentication via PAP.
Something like:
    exec ntlm_auth_pap {
        wait = yes
        input_pairs = request
        shell_escape = yes
        output = none
        program = "/path/to/ntlm_auth --username=%{User-Name} --domain=DOMAIN --password=%{User-Password}"
    }
See 'exec echo' example for more docs.
Then in the authenticate section, do:
    Auth-Type PAP {
        ntlm_auth_pap
    }
That will force *all* PAP requests to use ntlm_auth, but it will work.
Alan DeKok.