PAP with LDAP and PEAP/MSCHANPv2 with ntlm_auth
Alan DeKok
aland at deployingradius.com
Thu Jun 24 12:03:24 CEST 2010
Neil Prockter wrote:
> I have a working config for PAP with LDAP against AD and a working
> config for PEAP/MSCHANPv2 with ntlm_auth.
>
> I need the server to do both but when I combine the configs one thing or
> another breaks.
And debug output says... ?
> Does anyone have such a setup working or know if it is possible/impossible.
It's possible.
> Would it be simpler to use a virtual server for one or the other?
There's already a two virtual servers: default, and inner-tunnel. You
can use those.
Step 1: start with default config
Step 2: get LDAP to work with PAP
Step 3: configure "ntlm_auth" for the MSCHAP module.
After that, both will work.
The *usual* cause of problems is that you're forcing Auth-Type. Don't
do that.
Alan DeKok.
More information about the Freeradius-Users
mailing list