MSCHAP - NTLM against groups

Micha Ballmann ballmann at
Mon Oct 21 14:34:51 CEST 2019


i've configured a new freeradius server for WLAN authentication. My 
radius server is a domain member on my samba 4.7.12 ADDC. For my mschap 
configuration i followd this guide: 

The auth works! I can configure ntlm_auth in two differents way?

ntlm_auth = "/path/to/ntlm_auth*--allow-mschapv2* --request-nt-key
--username=%{mschap:User-Name} --domain=MYDOMAIN


winbind_username = "%{mschap:User-Name}"
winbind_domain = "%{mschap:NT-Domain}"

Both ways are working, but now im hanging a little bit. Currently im 
using this config in /mods-available/mschap:

winbind_username = "%{mschap:User-Name}"
winbind_domain = "%{mschap:NT-Domain}"

(ntlm_auth = ... is commented out)

I have an AD Group "WLAN".

How can i authenticate against this groups? Is there any directive like 
"winbind_group = "?



More information about the Freeradius-Users mailing list