FreeRadius with ntlm_auth
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Thu Dec 3 13:50:43 CET 2009
Hi,
>
> Hi All:
>
> My name is Charles and I need to "Configure my FreeRadius to use ntlm_auth" to authenticate NT users.
> Actually, I am getting to do this for only one NT group, but I need to do this for more NT groups.
>
> My configuration in "radius.conf" for ntlm_auth for one NT group is:
>
> exec win_domain {
> wait = yes
> input_pairs = request
> output_pairs = reply
> program = "/usr/local/bin/ntlm_auth --request-nt-key --domain=COPEL --username=%{User-Name:-None} --password=%{User-Password} --require-membership-of=COPEL\\Group1"
> }
>
> My environment is: FreeBSD 6.2 + Samba 3.0.26a + freeradius 1.1.7
>
> How can I do this configuration for more than one NT group? Any idea?
> Thanks,
> Charles.
does the domain come through as part of the request? if so you can simply
use the example ntlm_auth to do the substitution.
if not...well, you could do a large check table where every auth is tried
until one works....and if none work then they get rejected. bit messy
but redundant auth statements work okay and are very handy - eg for when
you migrate to a new AD system but half of users are still in the old
one or in a DB etc.
alan
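
Added example, not part of the original thread or of FreeRADIUS: the "every auth is tried until one works" idea from the reply, written as a wrapper script that the exec module's program line could call in place of ntlm_auth. The function name, the NTLM_AUTH and MATCHED_GROUP variables and the group list passed in are assumptions of this example; the ntlm_auth flags are the ones in the quoted configuration.

```sh
#!/bin/sh
# Added example: one ntlm_auth call per allowed group, stop at first success.
# NTLM_AUTH defaults to the path used in the quoted exec block and can be
# overridden from the environment (assumption of this example).
NTLM_AUTH="${NTLM_AUTH:-/usr/local/bin/ntlm_auth}"

# usage: ntlm_auth_any_group DOMAIN USER PASSWORD GROUP [GROUP...]
# returns 0 if ntlm_auth accepts the user for any listed group
#           (the matching group is left in MATCHED_GROUP),
#         1 if every group was refused or a credential is empty,
#         2 on bad usage (no group given).
ntlm_auth_any_group() {
    [ "$#" -ge 4 ] || return 2
    domain=$1 user=$2 pass=$3
    shift 3
    MATCHED_GROUP=""
    # Refuse empty credentials before contacting the domain at all.
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    for group in "$@"; do
        # Each value is its own argv element, so spaces or shell
        # metacharacters in the user name or password are never re-parsed.
        if "$NTLM_AUTH" --request-nt-key \
               --domain="$domain" \
               --username="$user" \
               --password="$pass" \
               --require-membership-of="$domain\\$group" >/dev/null 2>&1
        then
            MATCHED_GROUP=$group
            return 0
        fi
    done
    # No group matched (or the password was wrong): reject.
    return 1
}
```

With a wrong password, every group tried is a separate failed logon against the domain, so a long group list counts against any account lockout threshold faster than a single ntlm_auth call would.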
More information about the Freeradius-Users
mailing list