Any way for ntlm_auth + winbind to not use ms-chap?

Mike Ely me at
Fri Jun 17 01:41:22 CEST 2016

On 06/16/2016 04:37 PM, Matthew Newton wrote:
> What is your client sending to FreeRADIUS? PAP or MSCHAP?
> If MSCHAP, then you'll need to use rlm_mschap with either
> ntlm_auth (configured through the mschap module) or
> MS-CHAP-Use-NTLM-Auth := No.
> If PAP, then you can use rlm_pap (Cleartext-Password) or set up
> ntlm_auth as in the file I mentioned before and not use rlm_pap.
I'm getting PAP to work directly with ntlm_auth successfully now. The 
file had only minimal info but the wiki was much better:

Ultimately what I've been trying to do is get the client to use Perl to 
connect to the radius server and authenticate using MSCHAP (or 
preferably v2). So far my google-fu has failed to find anyone who has 
done this, which is very surprising.

More information about the Freeradius-Users mailing list