NTLM

Ivan Kalik tnt at kalik.net
Wed Nov 4 13:17:15 CET 2009


> I was setting up NTLM auth against AD and it works well however I wanted
> to add another server sections in the config and that was working ok too
> up to the point when somebody wants to do mschap authentication against
> something else than AD
> I followed the recommendations and add the following:
>         with_ntdomain_hack = yes
>         ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username={mschap:User-Name:-None}
> --domain={mschap:NT-Domain:-WEBANGEL} --challenge={mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
> to the module section in mschap but now it seams that it cannot do any
> other backends
> I have sql engine returning ok before mschap
> and than mschap returning reject and whole request is rejected.
> I attach log of activity from radius -X
> I would like to have two separate server sections
> one authenticating against AD and the other against SQL and I would like
> the end-client to be able to use MSCHAPv2 to use both.

http://wiki.freeradius.org/Combining_authentication_of_AD_accounts_(ntlm_auth)_with_accounts_stored_elsewhere

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list