Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Martin Ubank Martin.Ubank at
Mon Oct 17 00:48:20 CEST 2011

Thanks for that.
I had left some previous versions of files in the modules directory not knowing that they are still active.
Moving them to another location progressed me to the following error:

"winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly."

This was fixed by issuing this command:

'chgrp radiusd /var/lib/samba/winbindd_privileged'

The next problem I got was

"EAP-MSCHAPV2: Received success
 EAP-MSCHAPV2: Invalid authenticator response in success request"

Googling this suggests there is a bug in the version of Samba I'm using and that I need to install version 3.0.30.

A job for tomorrow morning ...

Thanks for everyone's help so far.


-----Original Message-----
From: at [ at] On Behalf Of James J J Hooper
Sent: 14 October 2011 18:29
To: freeradius-users at
Subject: Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

On 14/10/2011 16:13, Martin Ubank wrote:
> Here’s the full output from ‘radiusd –X’:

The bit at the top that tells us what radiusd has read from the config 
files is missing.

It's not executing ntlm_auth by the looks of what you posted, so you need 
to look at why. The first bit of radiusd -X will tell you which files it's 
reading. Check it's reading your mschap file (the one you configured, not 
some other one).


List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list