mschap module vs ntlm_auth module

Phil Mayers p.mayers at imperial.ac.uk
Wed Mar 6 17:12:16 CET 2013


On 06/03/13 15:31, Óscar Remírez de Ganuza Satrústegui wrote:
> Good afternoon,
>
> As I said some days ago in this list, we have configured our freeradius
> server to use ntlm_auth for autentication following the document:
> http://deployingradius.com/documents/configuration/active_directory.html

If you read that page carefully, you'll see it's talking about two 
different modules for two different purposes.

Specifically:

  1. It first talks about creating an instance of the "exec" module 
called "ntlm_auth". This processes PAP requests, and is tested by 
forcing Auth-Type

  2. It then talks about throwing that config away (remove the 
Auth-Type, stop using that module) and now configuring the "mschap" 
module, by setting the "ntlm_auth" helper.

It might be a bit confusing that "ntlm_auth" is used twice there - once 
as the name of an "exec" instance, once as a config variable for the 
"mschap" module, but they're different use-cases.

>
> Everything is working as expected. Thanks!
>
> But I have some doubts about that documentation.
> In section "Configuring FreeRADIUS to use ntlm_auth" is said to "to list
> ntlm_auth in the authenticate sections of each the
> raddb/sites-enabled/default file, and of the
> raddb/sites-enabled/inner-tunnel file."
>
> I have made some tests and it seems that is not needed to add it, as

Correct, you don't need it.


More information about the Freeradius-Users mailing list