mschap module vs ntlm_auth module

Óscar Remírez de Ganuza Satrústegui oscarrdg at unav.es
Wed Mar 6 16:31:39 CET 2013


Good afternoon,

As I said some days ago in this list, we have configured our freeradius
server to use ntlm_auth for autentication following the document:
http://deployingradius.com/documents/configuration/active_directory.html

Everything is working as expected. Thanks!

But I have some doubts about that documentation.
In section "Configuring FreeRADIUS to use ntlm_auth" is said to "to list
ntlm_auth in the authenticate sections of each the
raddb/sites-enabled/default file, and of the
raddb/sites-enabled/inner-tunnel file."

I have made some tests and it seems that is not needed to add it, as
freeradius is using mschap module to autenticate.

+- entering group MS-CHAP {...}
[mschap] Client is using MS-CHAPv1 with NT-Password
[mschap]     expand: %{Stripped-User-Name} -> oscarrdg
[mschap]     expand:
--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} ->
--username=oscarrdg
[mschap]  mschap1: b9
[mschap]     expand: %{mschap:Challenge} -> b9415739df3a9c1b
[mschap]     expand: --challenge=%{%{mschap:Challenge}:-00} ->
--challenge=b9415739df3a9c1b
[mschap]     expand: %{mschap:NT-Response} ->
2d41aa6d7e87e086dfc2920f2234b58ca1f6efe2c71505b8
[mschap]     expand: --nt-response=%{%{mschap:NT-Response}:-00} ->
--nt-response=2d41aa6d7e87e086dfc2920f2234b58ca1f6efe2c71505b8
Exec-Program output: NT_KEY: 312D5366FF0179461F1E13FA4AECD06A
Exec-Program-Wait: plaintext: NT_KEY: 312D5366FF0179461F1E13FA4AECD06A
Exec-Program: returned: 0
[mschap] adding MS-CHAPv1 MPPE keys
++[mschap] returns ok

Is there anything else to take into account considering adding that section
to the virtual servers configuration or not? Or is it just needed when
Auth-Type is set to ntlm_auth manually in order to test the system?

I usually prefer to let config files as similar to the default files as
posible.

Thank you so much for your help.

Regards,


*
Oscar Remírez de Ganuza Satrústegui*
Servicios Informáticos (Área de Infraestructuras)
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.es/SI/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130306/f25d590a/attachment.html>


More information about the Freeradius-Users mailing list