Any way for ntlm_auth + winbind to not use ms-chap?
Mike Ely
me at mikeely.org
Fri Jun 17 01:41:22 CEST 2016
On 06/16/2016 04:37 PM, Matthew Newton wrote:
> What is your client sending to FreeRADIUS? PAP or MSCHAP?
>
> If MSCHAP, then you'll need to use rlm_mschap with either
> ntlm_auth (configured through the mschap module) or
> MS-CHAP-Use-NTLM-Auth := No.
>
> If PAP, then you can use rlm_pap (Cleartext-Password) or set up
> ntlm_auth as in the file I mentioned before and not use rlm_pap.
>
I'm getting PAP to work directly with ntlm_auth successfully now. The
file had only minimal info but the wiki was much better:
http://wiki.freeradius.org/guide/NTLM-Auth-with-PAP-HOWTO
Ultimately what I've been trying to do is get the client to use Perl to
connect to the radius server and authenticate using MSCHAP (or
preferably v2). So far my google-fu has failed to find anyone who has
done this, which is very surprising.
More information about the Freeradius-Users
mailing list