Nazaretyan's blog blog about everything ….

26 Oct 09

Lesson 2. FreeRADIUS – ntlm_auth

Once you have verified that Samba is installed and working correctly, and that the ntlm_auth program works, you can proceed with configuring FreeRADIUS to use ntlm_auth. For initial testing, we will be using the exec module, and will run the exact command line used above.

In the radiusd.conf file, add the following text to the modules section:

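exec ntlm_auth {
	# Wait for the program to finish so that its exit status decides the result.
	wait = yes
	# Replace /path/to and MYDOMAIN with the values for your installation.
	program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}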

This configuration tells the server to run the ntlm_auth program with the user name and password obtained from the Access-Request. You will also have to list ntlm_auth in the authenticate section of both the raddb/sites-enabled/default file and the raddb/sites-enabled/inner-tunnel file:

authenticate {
	...
	ntlm_auth
	...
}

Then add the following text, for testing purposes only, to the top of the users file:

DEFAULT     Auth-Type = ntlm_auth

This configuration says "for all users, if the authenticate method has not been set, set it to use the ntlm_auth program".

Start the server using radiusd -X, and wait for the debugging text to stop scrolling by. If all goes well, you should see the following text:

Ready to process requests.

In another terminal window on the same machine, type the following command:

$ radtest user password localhost 0 testing123

If all goes well, you should see the server returning an Access-Accept message, and the window with radtest should print text similar to the following:

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, length=20

This text means that authentication succeeded. A few lines above this text, the debug output will also show the exact command line used to run ntlm_auth. That command line includes the expanded --password value, so treat the debug output as sensitive.
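
The three edits described above can be checked in one pass before starting radiusd -X. The script below is an added example, not part of the original post: it assumes radiusd.conf, users and sites-enabled/ live under one raddb directory, and the function names and exit codes (0 ok, 1 missing piece, 2 testing-only entry still present) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a raddb tree for the
# ntlm_auth test setup. Assumed layout: radiusd.conf, users and
# sites-enabled/{default,inner-tunnel} under one directory.

# Succeeds if "ntlm_auth" is listed inside an authenticate { } section,
# at any nesting depth. Listings in other sections do not count.
in_authenticate() {
    awk '
        /^[ \t]*#/ { next }                         # ignore comment lines
        !inside && /^[ \t]*authenticate[ \t]*[{]/ { inside = 1; depth = 1; next }
        inside {
            if (NF == 1 && $1 == "ntlm_auth") found = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) inside = 0              # section closed
        }
        END { exit !found }
    ' "$1"
}

# Hypothetical exit codes: 0 = ok, 1 = a required piece is missing,
# 2 = complete, but the testing-only catch-all is still in users.
audit_raddb() {
    dir=$1
    rc=0
    if ! grep -Eq '^[[:space:]]*exec[[:space:]]+ntlm_auth[[:space:]]*[{]' "$dir/radiusd.conf"; then
        echo "FAIL: no 'exec ntlm_auth' module in radiusd.conf"
        rc=1
    fi
    for site in default inner-tunnel; do
        if ! in_authenticate "$dir/sites-enabled/$site"; then
            echo "FAIL: ntlm_auth not listed in authenticate of $site"
            rc=1
        fi
    done
    # The DEFAULT entry sends every user to ntlm_auth; it is for testing only.
    if grep -Eq '^DEFAULT[[:space:]]+Auth-Type[[:space:]]*:?=[[:space:]]*ntlm_auth' "$dir/users"; then
        echo "WARN: testing-only 'DEFAULT Auth-Type = ntlm_auth' is present in users"
        if [ "$rc" -eq 0 ]; then rc=2; fi
    fi
    return "$rc"
}

# Usage: sh audit.sh /path/to/raddb
if [ $# -gt 0 ]; then audit_raddb "$1"; fi
```

Exit code 2 is the expected result while following this lesson; once testing is finished and the DEFAULT line is removed from users, the same check returns 0.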
