Exec and ntlm_auth

Ivan Kalik tnt at kalik.net
Thu Nov 26 01:01:06 CET 2009


freeradius at corwyn.net wrote:
> At 06:15 PM 11/25/2009, you wrote:
>> There are dozens of them there. Just save what is quoted in the guide 
>> (with adjusted text) as a file into raddb/modules directory.
>
> Yeah, and in tinkering with module files I clearly haven't had success.
>
> so you're saying create a (adjusted for my environment) file in 
> ../modules:
> rick_ntlm {
exec rick_ntlm {
> ntlm_auth = "/path/to/ntlm_auth --request-nt-key 
> --username=%{mschap:User-Name:-None} 
> --domain=%{mschap:NT-Domain:-MYDOMAIN} 
> --challenge=%{mschap:Challenge:-00} 
> --nt-response=%{mschap:NT-Response:-00}"
>
> }
No, that's for mschap. Forget that section. You just want the first 
section for pap requests.
> and it should work?  In part I ask because the examples for 
> radiusd.conf and mschap.conf are different.
>
Yes they are. One is for processing pap and other for processing mschap 
requests.
> I suspect I also have to put the reference to that new file (ntlm_rick 
> in this case) into inner-tunnel as well? And in the virtual server 
> config? In both the authorize{} and authenticate {} sections?
Just authenticate and default virtual server. Inner tunnel is for peap.

Ivan Kalik



More information about the Freeradius-Users mailing list