FreeRadius with ntlm_auth

charles at copel.com charles at copel.com
Mon Dec 7 15:36:55 CET 2009


Hi,  Allan:

My domain comes through as part of the request.

Sorry, but I didn´t understand this:  "if so you can simply use the 
example ntlm_auth to do the substitution".
Can you explain it better ? 

Thanks.
Charles.

Hi,
> 
> Hi All:
> 
> My name is Charles and I need to  "Configure my FreeRadius to use 
ntlm_auth" to authenticate  NT users.
> Actually, I am getting to do this for only one NT group, but  I need to 
do this for more NT groups.
> 
> My configuration in "radius.conf" for ntlm_auth for one NT group is:
> 
>         exec win_domain {
>                 wait = yes
>                 input_pairs = request
>                 output_pairs = reply
>                     program = "/usr/local/bin/ntlm_auth --request-nt-key 
--domain=COPEL --username=%{User-Name:-None} --password=%{User-Password} 
--require-membership-of=COPEL\\Group1"
>                      }
> 
> My environment is: FreeBSD 6.2 + Samba 3.0.26a + freeradius 1.1.7
> 
> How can I do this configuration for more than one NT group ? Any idea ?
> Thanks,
> Charles.

does the domain come through as part of the request? if so you can simply
use the example ntlm_auth to do the substitution .

if not...well, you could so a large check table where every auth is tried
until one works....and if none work then they get rejected. bit messy
but redundant auth statements work okay and are very handy - eg for what
you migrate to a new AD system but half of users are still in the old
one or in a DB etc.

alan


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091207/d5eed498/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2416 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091207/d5eed498/attachment.gif>


More information about the Freeradius-Users mailing list