redundant-load-balance for AD ntlmauth

FreeRadius List maillist-freeradius at
Mon Apr 29 14:31:50 CEST 2013


I use redundant-load-balance for ldap user auth to authenticate users to a
pool of active directory servers for one service. That seems to work well.

I'm trying to think why I don't do that for ntlmauth (used inside mschap
inner-tunnel) for another service.

I've knocked that up to test it with mschap modules like (with N being

mschap mschapadN {
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/local/bin/mschap-ntlm_auth --request-nt-key
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}

where /etc/samba/smb-adN.conf is the same as the others except for
"password server = adN.domain"

and then in the inner-tunnel site I have
authenticate {
    Auth-Type MS-CHAP {
        redundant-load-balance {

Is this along the lines that others follow? If not, how does ntlmauth
handle the AD server being down? Does ntlmauth/winbind handle AD being
down so freeradius does not have to?
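
An added example, not part of the original post and not FreeRADIUS code: a small Python model of how a redundant-load-balance block chooses among the mschapadN instances, starting at a random child and moving on only when a child returns fail. The helper names, the sample password and the assumption that an unreachable AD server surfaces as fail are all constructed for illustration.

```python
import random

# Names mirror FreeRADIUS module return codes; the values are just labels.
OK, REJECT, FAIL = "ok", "reject", "fail"


def redundant_load_balance(modules, request, rng=random):
    """Start at a random child; try the next child (wrapping) only while
    the result is FAIL; return any other result immediately."""
    if not modules:
        return FAIL, []
    start = rng.randrange(len(modules))
    tried = []
    for offset in range(len(modules)):
        name, call = modules[(start + offset) % len(modules)]
        tried.append(name)
        result = call(request)
        if result != FAIL:
            return result, tried
    return FAIL, tried  # every child failed


def make_instance(dc_up, good_password="s3cret"):
    """Constructed stand-in for one mschapadN instance tied to one AD server.
    Assumption: a server that is down is reported as FAIL, not REJECT."""
    def call(request):
        if not dc_up:
            return FAIL
        return OK if request["password"] == good_password else REJECT
    return call


def build_pool(up_flags):
    """Hypothetical helper: one (name, callable) pair per AD server."""
    return [(f"mschapad{i + 1}", make_instance(up)) for i, up in enumerate(up_flags)]


class FixedStart:
    """Deterministic replacement for the random start, used by the demo."""
    def __init__(self, index):
        self.index = index

    def randrange(self, n):
        return self.index % n


if __name__ == "__main__":
    pool = build_pool([False, True, True])  # constructed: ad1 down, ad2/ad3 up
    print(redundant_load_balance(pool, {"password": "s3cret"}, FixedStart(0)))
    print(redundant_load_balance(pool, {"password": "wrong"}, FixedStart(0)))
```

If an instance returns reject rather than fail while its AD server is unreachable, the block stops at that instance and never tries the next one, so the return code shown in debug output for that case is the thing to check.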

