ntlm_auth not being invoked

Alan DeKok aland at deployingradius.com
Fri Jun 4 14:53:39 CEST 2021

On Jun 4, 2021, at 8:02 AM, Shaun donovan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I have configured FreeRADIUS Version 3.0.20 on a CentOS Linux release 8.3.2011 machine with daloRadius. I have then followed the instructions at http://deployingradius.com/documents/configuration/active_directory.html to allow FreeRADIUS to authenticate against an Active Directory.
> Everything works up to the point that I must remove the "testing entry" in raddb/mods-config/files/authorize, namely the "DEFAULT Auth-Type = ntlm_auth" and uncomment the "ntlm_auth =" line in raddb/modules/mschap. Once I do this and test using radtest, I get:
> (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
> (0) pap: WARNING: Authentication will fail unless a "known good" password is available
> (0)     [pap] = noop
> (0)   } # authorize = ok
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> from Radius -X.

  There's a lot more output available.  Post ALL of it.

> I can see that it is trying to do PAP authentication, but does not "Fall Through" to try ntlm_auth. I have tried to google this extensively, but cannot find where I should configure FreeRADIUS to first try PAP and the try ntlm_auth.
> Any help appreciated.

  Follow the instructions here: http://wiki.freeradius.org/list-help

  Alan DeKok.

More information about the Freeradius-Users mailing list