EAP-TTLS (PAP) with Win2K3 domain not working

Ivan Kalik tnt at kalik.net
Fri Jun 26 11:26:21 CEST 2009


> Sorry, I just c/p that line from other link
>
> here is mine
>
> exec ntlm_auth_pap {
>         wait = yes
>         input_pairs = request
>         shell_excape = yes
>         output = none
>         program = "/usr/bin/ntlm_auth --request-nt-key --domain=EXCHANGE
> --username=%{mschap:User-Name} --password=%{User-Password}"
>     }
>
> should domain field be pre-windows 2000/NT name or fqdn? (domain.com)
>
> Also, I didn't get you quite well, I am new to both linux and freeradius,
> should I set following
>
> Auth-Type PAP
>   {
>   ntlm_auth_pap
>   }
>
> in authenticate section of /etc/freeradius/sites-enabled/inner-tunnel and
> /etc/freeradius/sites-available/inner-tunnel files?

No, authenticate should look like:

Auth-Type PAP {
     pap
}

ntlm_auth_pap

...

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list