Freeradius with Active Directory
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 10 17:21:59 CET 2010
On 10/03/10 15:52, Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust)
wrote:
> Hi,
> I've included the ntlm_auth command line - is that what you meant by
>> can you cut and paste your ntlm_auth line
>
> ntlm_auth --request-nt-key --domain=XXX.local --username=XXX
> password:
> NT_STATUS_OK: Success (0x0)
>
> =======================================
> The /etc/raddb/modules/ntlm_auth file:
> # -*- text -*-
> #
> # $Id$
> # NTLM module
> #
> # To authenticate requests using AD.
> #
> ntlm_auth {
> wait = yes
> program = "/usr/bin/ntlm_auth --request-nt-key --domain=XXX --username=%{mschap:User-Name} --password=%{User-Password}"
> }

This is wrong. The syntax is:

  module {
    options
  }

...or:

  module instance-name {
    options
  }

So you want:

  exec ntlm_auth {
    options
  }

The "--request-nt-key" option is redundant when doing plaintext
user/password check combos - it only applies to NTLM challenge/response.

Also, you are aware this config will only authenticate PAP requests, yes?
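
The advice above put together as an added example (not part of the original post, and not the project's shipped configuration): the poster's options under the corrected "exec ntlm_auth" declaration for PAP, next to an mschap module setting for challenge/response. The path /usr/bin/ntlm_auth and the domain XXX are taken from the post; the MS-CHAP line is an assumption written in FreeRADIUS 2.x expansion syntax and may need adjusting for other versions.

```conf
# raddb/modules/ntlm_auth
# PAP only: the request carries a plaintext User-Password, which the exec
# module passes to the ntlm_auth helper. The block is an instance of the
# "exec" module named "ntlm_auth". --request-nt-key is dropped because it
# only matters for NTLM challenge/response.
# The password is a command-line argument here, so it is visible in the
# process list for as long as the helper runs.
exec ntlm_auth {
	wait = yes
	program = "/usr/bin/ntlm_auth --domain=XXX --username=%{mschap:User-Name} --password=%{User-Password}"
}

# raddb/modules/mschap (assumed layout)
# MS-CHAP: the request carries no plaintext password, so the exec instance
# above cannot handle it. The mschap module passes the challenge and the
# NT response to ntlm_auth instead, and this is where --request-nt-key
# applies.
mschap {
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=XXX --username=%{mschap:User-Name} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```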