Freeradius + AD + Cisco authentication

Jevos, Peter Peter.Jevos at
Fri Jul 2 14:29:36 CEST 2010

Hi, thank you for your email.
So as I said before, I have working ntlm_auth in the form of:
Linux#/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=MYNAME --require-membership-of='DOMAIN+DOMAIN_GROUP'
That works from the command line. It returns OK status.

So now, I have about 60 domains. Users are authenticated through VPN Cisco client with the domain\username and password.

What should the ntlm_auth file look like? What should the mschap module look like?
What should the --require-membership-of parameter look like in these files?

What should the users file look like?
I was not able to find these answers in any documentation.

I'm using freeradius2-2.1.7-7.el5 (RED HAT)


On Fri, Jul 2, 2010 at 6:43 PM, Jevos, Peter <Peter.Jevos at> wrote:
> Actually I'm not really clever, because the main tutorial on the main pages is
> connected with the older version, and there are more versions of the
> Freeradius 2.0, a bit different:

That page has updated tutorials for 2.x

> Can somebody please help me how to finish the freeradius configuration (the
> NAS server will be cisco)
> I know that there should be the entries in users file, eap file, mschap or
> ntlm_auth modules.
> But what should be the proper syntax I really don't know

Which part did you find not clear from
It clearly says which file(s) to edit/create.

One note though, when it says "Create a file raddb/modules/ntlm_auth",
the actual location can vary depending on how you got freeradius installed. For
example, with RHEL/Centos/Fedora and their bundled freeradius2, the
file location would be "/etc/raddb/modules/ntlm_auth". On the other
hand, if you installed manually from source, the file might be on

