Users File co-existing with NTLM-Auth

Wed Apr 21 15:21:41 CEST 2010

Crap.

Nathan Van Fleet

> -----Original Message-----
> From: freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org] On Behalf Of
> Gary Gatten
> Sent: Tuesday, April 20, 2010 5:11 PM
> To: 'FreeRadius users mailing list'
> Subject: RE: Users File co-existing with NTLM-Auth
> 
> Yeah, there's a way.  I had / have similar requirements.  I *think*
> with some unlang and maybe a "fall-through" here or there...  I haven't
> quite figured this out, but I'm pretty sure it can be done.  From what
> I've gathered so far FR allows one to do pretty much anything, it's
> usually the other hardware / software / protocols that are the limiting
> factors.
> 
> G
> 
> PS: LMK the answer when you figure this out! ;)
> 
> -----Original Message-----
> From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Nathan
> McDavit-Van Fleet
> Sent: Tuesday, April 20, 2010 3:25 PM
> To: 'FreeRadius users mailing list'
> Subject: Users File co-existing with NTLM-Auth
> 
> I was able to get ntlm-auth working with AD integration. But
> unfortunately
> this stops the existing users in the users' file from being check.
> Whenever
> I have the "ntlm_auth =" line configured in modules/mschap, my users
> file is
> not check. If I comment out "ntlm_auth" the users file works again.
> 
> Is there any possibility to getting both the files and the ntlm_auth
> methods
> functional inside MSCHAP?
> 
> -Nathan Van Fleet
> 
> > -----Original Message-----
> > From: freeradius-users-
> > bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org
> > [mailto:freeradius-users-
> > bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org] On Behalf
> Of
> > Jonathan Hutchins
> > Sent: Tuesday, April 20, 2010 11:42 AM
> > To: Thibault Le Meur
> > Cc: FreeRadius users mailing list
> > Subject: Re: PopTop
> >
> > On Tuesday 20 April 2010 03:27:19 am Thibault Le Meur wrote:
> >
> > > Yes it is true, but this part seems easy once you've understood how
> > to
> > > migrate from FR1 to FR2 which is required anyway to do a proper
> > > migration.
> >
> > Is there a doc that specifically addresses migration?
> >
> > > In fact this would be only a 3 lines changes in the article, so
> this
> > > is easy to fix as most of this HowTo is related to setting other
> > > components that FR ;-)
> >
> > Can I help get those changes made, perhaps by testing the howto?  The
> > section
> > on the Dictionary would seem to be unnnecessary for most packaged
> > distributions.
> >
> > > >  I moved from a rather ancient Gentoo server that I believe was
> > using an
> > > > 1.x version to Debian Lenny 2.0.4, then upgraded to the 2.1.8
> > backport,
> > > > and I can't get it to parse DOMAIN//user properly - it ignores
> the
> > > > separator and comes up with a null "realm".  Curiously, it later
> > displays
> > > > the username as DOMAIN/name.
> > >
> > > I can't help here, because I'm not using realm for PopTop
> > authentication.
> >
> > I wasn't intending to either, I was following your PopTop doc
> exactly.
> >
> > > However I would check you modules/realm file and the ntdomain realm
> > > definition.  Then I would double check that the ntodimain instance
> is
> > > enabled in your pre-acct and authorize section.
> >
> > Searching for where to enable this now.  I wonder if there is any
> > different
> > handling for the "\\" vs "\".
> >
> > Since I don't have a working config yet, I would be happy to strip it
> > back to
> > defaults and test your howto.
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html