Exec and ntlm_auth
Ivan Kalik
tnt at kalik.net
Thu Nov 26 01:01:06 CET 2009
freeradius at corwyn.net wrote:
> At 06:15 PM 11/25/2009, you wrote:
>> There are dozens of them there. Just save what is quoted in the guide
>> (with adjusted text) as a file into raddb/modules directory.
>
> Yeah, and in tinkering with module files I clearly haven't had success.
>
> so you're saying create a (adjusted for my environment) file in
> ../modules:
> rick_ntlm {
exec rick_ntlm {
> ntlm_auth = "/path/to/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None}
> --domain=%{mschap:NT-Domain:-MYDOMAIN}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
> }
No, that's for mschap. Forget that section. You just want the first
section for pap requests.
> and it should work? In part I ask because the examples for
> radiusd.conf and mschap.conf are different.
>
Yes they are. One is for processing pap and other for processing mschap
requests.
> I suspect I also have to put the reference to that new file (ntlm_rick
> in this case) into inner-tunnel as well? And in the virtual server
> config? In both the authorize{} and authenticate {} sections?
Just authenticate and default virtual server. Inner tunnel is for peap.
Ivan Kalik
More information about the Freeradius-Users
mailing list