MSCHAP failing on new 2.1.10 install

Phil Mayers p.mayers at imperial.ac.uk
Wed May 11 22:41:21 CEST 2011


On 05/11/2011 09:29 PM, Gary Gatten wrote:
> PS: I apparently have to leave the “DEFAULT Auth-Type = ntlm_auth “  in
> the users file or “nothing” works. FWIW I am exclusively using

Leave?

There's no line like this in the default configs.

> AD/ntlm_auth for all auth types, so hopefully this won’t matter? I did

Don't set Auth-Type unless you understand what you're doing and why 
you're doing it. You shouldn't need to, and it'll break things in subtle 
ways.

About the only real use-case for setting Auth-Type is forcing it to 
Accept (for pap/mac-auth style only), Reject, or some custom auth 
config, and then you need to be very careful.

> find a Wiki article about updating the control such that if Auth-Type
> doesn’t exist then set it to ntlm_auth. I have this in my 2.1.6
> deployment, so may copy it over here as well. I’m trying to change as
> little as possible from the default confs….

I don't see any "Auth-Type" lines in the default configs.



More information about the Freeradius-Users mailing list