[ale] Freeradius, MSCHAP, and Active Directory
James Sumners
james.sumners at gmail.com
Thu Feb 26 14:23:02 EST 2015
On Thu, Feb 26, 2015 at 1:40 PM, James Taylor <
James.Taylor at eastcobbgroup.com> wrote:
> Freeradius servers are more fun than I can stand most days, but I have
> gotten a couple of them working.
>
The documentation is abysmal. And they always say RTFM on the Freeradius
list. Annoying.
> I'm not sure what version of freeradius your using, but I see a couple of
> areas in my radius.conf that look relevant.
3.0.1
> Do you have this entry under the mschap section?
>
>
> with_ntdomain_hack = yes
That got deprecated in favor of the "realm ntdomain" config as far as I can
tell. So I don't have the hack enabled, but I do have:
```
ntlm_auth = "/bin/ntlm_auth --request-nt-key
--username=%{%{mschap:User-Name}:-None}
--domain=%{%{mschap:NT-Domain}:-None}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}"
```
>
> And/or this entry further down?
>
> #
> # 'domain\user'
> #
> realm ntdomain {
> format = prefix
> delimiter = "\\"
> ignore_default = no
> ignore_null = no
> }
>
In "mods-enabled/ream" it is defined as:
```
#
# 'domain\user'
#
realm ntdomain {
format = prefix
delimiter = "\\"
}
```
That's the default from the installed config.
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (band page)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150226/0fb50edb/attachment.html>
More information about the Ale
mailing list