Help with NTLM_AUTH and a Fortigate
Alan DeKok
aland at deployingradius.com
Fri May 30 10:57:41 UTC 2025
On May 29, 2025, at 10:37 PM, Matthew Beechey <mobiusnz at gmail.com> wrote:
> Sorry Alan - Still can't work it out. I follow
> https://www.freeradius.org/documentation/freeradius-server/4.0.0/howto/datastores/ad/ntlm_mschap.html
While reading documentation is good, you'll note that's the 4.0 documentation. You're running 3.0.
Plus, I suggested that you read mods-available/mschap. That file is on your local system, and contains detailed documentation on getting ntlm_auth running with the mschap module.
> and when I run the radtest -t mschap user password localhost 0 Secret it
> fails.
I also suggested that you read http://wiki.freeradius.org/list-help
That page SPECIFICALLY says that you shouldn't post the client output, because it's not needed.
> (4) Found Auth-Type = mschap
> (4) Auth-Type sub-section not found. Ignoring.
As Matthew noted, you've edited the default configuration and broken it.
Why?
Don't do that. Go back to the default configuration, and start over. Follow the documentation... the VERSION 3 documentation.
It will work.
The reason it doesn't work is that you're not following the documentation, and you're making massive changes to the configuration without really knowing what the effects are.
Alan DeKok.
More information about the Freeradius-Users
mailing list