Users File co-existing with NTLM-Auth

Gary Gatten Ggatten at
Tue Apr 20 23:11:26 CEST 2010

Yeah, there's a way.  I had / have similar requirements.  I *think* with some unlang and maybe a "fall-through" here or there...  I haven't quite figured this out, but I'm pretty sure it can be done.  From what I've gathered so far FR allows one to do pretty much anything, it's usually the other hardware / software / protocols that are the limiting factors.


PS: LMK the answer when you figure this out! ;)

-----Original Message-----
From: at [ at] On Behalf Of Nathan McDavit-Van Fleet
Sent: Tuesday, April 20, 2010 3:25 PM
To: 'FreeRadius users mailing list'
Subject: Users File co-existing with NTLM-Auth

I was able to get ntlm-auth working with AD integration. But unfortunately
this stops the existing users in the users' file from being check. Whenever
I have the "ntlm_auth =" line configured in modules/mschap, my users file is
not check. If I comment out "ntlm_auth" the users file works again.

Is there any possibility to getting both the files and the ntlm_auth methods
functional inside MSCHAP?

-Nathan Van Fleet

> -----Original Message-----
> From: freeradius-users-
> at
> [mailto:freeradius-users-
> at] On Behalf Of
> Jonathan Hutchins
> Sent: Tuesday, April 20, 2010 11:42 AM
> To: Thibault Le Meur
> Cc: FreeRadius users mailing list
> Subject: Re: PopTop
> On Tuesday 20 April 2010 03:27:19 am Thibault Le Meur wrote:
> > Yes it is true, but this part seems easy once you've understood how
> to
> > migrate from FR1 to FR2 which is required anyway to do a proper
> > migration.
> Is there a doc that specifically addresses migration?
> > In fact this would be only a 3 lines changes in the article, so this
> > is easy to fix as most of this HowTo is related to setting other
> > components that FR ;-)
> Can I help get those changes made, perhaps by testing the howto?  The
> section
> on the Dictionary would seem to be unnnecessary for most packaged
> distributions.
> > >  I moved from a rather ancient Gentoo server that I believe was
> using an
> > > 1.x version to Debian Lenny 2.0.4, then upgraded to the 2.1.8
> backport,
> > > and I can't get it to parse DOMAIN//user properly - it ignores the
> > > separator and comes up with a null "realm".  Curiously, it later
> displays
> > > the username as DOMAIN/name.
> >
> > I can't help here, because I'm not using realm for PopTop
> authentication.
> I wasn't intending to either, I was following your PopTop doc exactly.
> > However I would check you modules/realm file and the ntdomain realm
> > definition.  Then I would double check that the ntodimain instance is
> > enabled in your pre-acct and authorize section.
> Searching for where to enable this now.  I wonder if there is any
> different
> handling for the "\\" vs "\".
> Since I don't have a working config yet, I would be happy to strip it
> back to
> defaults and test your howto.
> -
> List info/subscribe/unsubscribe? See

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list