Users File co-existing with NTLM-Auth
Nathan McDavit-Van Fleet
nmcdavit at alcor.concordia.ca
Tue Apr 20 22:25:00 CEST 2010
I was able to get ntlm-auth working with AD integration. But unfortunately
this stops the existing users in the users' file from being check. Whenever
I have the "ntlm_auth =" line configured in modules/mschap, my users file is
not check. If I comment out "ntlm_auth" the users file works again.
Is there any possibility to getting both the files and the ntlm_auth methods
functional inside MSCHAP?
-Nathan Van Fleet
> -----Original Message-----
> From: freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org] On Behalf Of
> Jonathan Hutchins
> Sent: Tuesday, April 20, 2010 11:42 AM
> To: Thibault Le Meur
> Cc: FreeRadius users mailing list
> Subject: Re: PopTop
>
> On Tuesday 20 April 2010 03:27:19 am Thibault Le Meur wrote:
>
> > Yes it is true, but this part seems easy once you've understood how
> to
> > migrate from FR1 to FR2 which is required anyway to do a proper
> > migration.
>
> Is there a doc that specifically addresses migration?
>
> > In fact this would be only a 3 lines changes in the article, so this
> > is easy to fix as most of this HowTo is related to setting other
> > components that FR ;-)
>
> Can I help get those changes made, perhaps by testing the howto? The
> section
> on the Dictionary would seem to be unnnecessary for most packaged
> distributions.
>
> > > I moved from a rather ancient Gentoo server that I believe was
> using an
> > > 1.x version to Debian Lenny 2.0.4, then upgraded to the 2.1.8
> backport,
> > > and I can't get it to parse DOMAIN//user properly - it ignores the
> > > separator and comes up with a null "realm". Curiously, it later
> displays
> > > the username as DOMAIN/name.
> >
> > I can't help here, because I'm not using realm for PopTop
> authentication.
>
> I wasn't intending to either, I was following your PopTop doc exactly.
>
> > However I would check you modules/realm file and the ntdomain realm
> > definition. Then I would double check that the ntodimain instance is
> > enabled in your pre-acct and authorize section.
>
> Searching for where to enable this now. I wonder if there is any
> different
> handling for the "\\" vs "\".
>
> Since I don't have a working config yet, I would be happy to strip it
> back to
> defaults and test your howto.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list