Enabling NTLM causes the daemon not to start...

Matthew Newton mcn at freeradius.org
Thu Dec 6 10:40:14 CET 2018

On Thu, 2018-12-06 at 09:17 +0000, WAGHORN, Jason (NHS BORDERS) via
Freeradius-Users wrote:
> When I attempt to launch radiusd, it bombs out with the following
> error  "/etc/raddb/sites-enabled/inner-tunnel[59]: Errors parsing pap
> sub-section."
> The authenticate section is this:


>                pap {
>                         ntlm_auth
>                 }
>         }

Mistake on the wiki; I've fixed it.

This should be 

  Auth-Type pap {

not just

  pap {

> If I comment out the pap stanza and reinstate the "pap" line - it
> launches, but with the side effect that AD authentication isn't
> working (although that could easily be something else entirely :))

Probably something else, it's unlikely most devices are using EAP-
TTLS/PAP. Even without those pap parts of the config you should still
find that the MSCHAPv2 methods work, if configured correctly.

> Any pointers most welcome - because I cannot for the life of me see
> what might be wrong (and I'm a newbie at trying to decipher radius
> debug output)
> radius -X output below

You've certainly done something right - sending the "-X" output, not
-Xxxx or -Xx or whatever other people keep sending!


More information about the Freeradius-Users mailing list