Ntlm_auth vs. Cleartext-password
Óscar Remírez de Ganuza Satrústegui
oscarrdg at unav.es
Wed Feb 20 16:01:18 CET 2013
Good afternoon everybody,
We have configured freeradius to authenticate against Active
Directory/Samba using ntlm_auth, following the instructions on:
http://deployingradius.com/documents/configuration/active_directory.html
Everything works as expected.
Right now on our production server we are using LDAP to store the user
credentials. We would like to achieve a smooth transition to the new
authentication method. So want to configure freeradius to authenticate with
ntlm_auth just in the cases when there is not ClearText-Password available,
but we do not know how to do it.
Using instructions from modules/mschap:
# If ntlm_auth is configured below, then the mschap
# module will call ntlm_auth for every MS-CHAP
# authentication request. If there is a cleartext
# or NT hashed password available, you can set
# "MS-CHAP-Use-NTLM-Auth := No" in the control items,
# and the mschap module will do the authentication itself,
# without calling ntlm_auth.
We were able to *bypass* the ntlm_auth on some users/groups defining on the
users file the control item "MS-CHAP-Use-NTLM-Auth := No".
But is there a way to configure freeradius such that if Cleartext-Password
password is available it uses it, and otherwise it uses ntlm_auth to
authenticate?
Thank you so much for your help.
Regards,
*
Oscar Remírez de Ganuza Satrústegui*
Servicios Informáticos (Área de Infraestructuras)
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.es/SI/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130220/953f1dbe/attachment.html>
More information about the Freeradius-Users
mailing list