Any way for ntlm_auth + winbind to not use ms-chap?

Matthew Newton mcn4 at
Fri Jun 17 01:37:38 CEST 2016

On Thu, Jun 16, 2016 at 03:25:32PM -0700, Mike Ely wrote:
> On 06/16/2016 02:58 PM, Matthew Newton wrote:
> >
> >See mods-available/ntlm_auth. You can send a username and password directly.
> Says to test with pap, but that complains it needs a known good password for
> the user (and I can't work out how to pass the password to pap as well as
> ntlm_auth).

What is your client sending to FreeRADIUS? PAP or MSCHAP?

If MSCHAP, then you'll need to use rlm_mschap with either
ntlm_auth (configured through the mschap module) or
MS-CHAP-Use-NTLM-Auth := No.

If PAP, then you can use rlm_pap (Cleartext-Password) or set up
ntlm_auth as in the file I mentioned before and not use rlm_pap.

You've not really given much information as to what you're
actually doing or trying to do, which I'm afraid makes it quite
hard to help. Sorry.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list