Any way for ntlm_auth + winbind to not use ms-chap?

Mike Ely me at
Fri Jun 17 00:37:55 CEST 2016

On 06/16/2016 02:58 PM, Matthew Newton wrote:
> On Thu, Jun 16, 2016 at 02:49:52PM -0700, Mike Ely wrote:
>> I guess to simplify the question: is it absolutely essential to use MSCHAP
>> when authenticating against winbind, or can a simpler mechanism be used?
> See mods-available/ntlm_auth. You can send a username and password directly.
Or better yet, just use pam/nsswitch to authenticate the user as though 
it were local and skip ntlm_auth entirely. Dreaded memory leaks aside, 
does this seem like a plausible course?

More information about the Freeradius-Users mailing list