AD Auth Question

Alan Buxey alan.buxey at
Sat Dec 30 19:19:07 CET 2017

fairly easily done - and quite common -  had different requirements
when, for example, we migrated from one domain to another.

you dont want the exec ntlm_auth thing - thats a diversion, you just
use the mschap module (and configure the ntlm line in that- you want
to use unlang
and then in the authorise section of the inner-tunnel, call different
mschap modules eg

pseudo-code: (untested, quickly typed)

if (%{User-Name} ~= "$"){
if (%{User-Name} ~= "$"){

but right now you just send (proxy) all this to NPS?  your aim is to
move the authentication to the FR system?


More information about the Freeradius-Users mailing list