"DeYoung, Brandon" <[EMAIL PROTECTED]> wrote: > I've tried this and a few other things in the users file. > test Auth-Type = Local, Password = "testing"
Don't set Auth-Type. > Authentication against the AD backend works from my clients with mschap v2. > But my local users still don't work when sent through mschap. Because the mschap module is calling ntlm_auth. > Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=AM > --username=test --challenge=4cd9c1a15948bb64 > --nt-response=0f8afe37aac4a6d8c1f42aae8f2c4582f90e8f33e07877cd > Exec-Program output: Account locked out (0xc0000234) > Exec-Program-Wait: plaintext: Account locked out (0xc0000234) > Exec-Program: returned: 1 > rlm_mschap: External script failed. Hmm... looking at the module source, it could be a little more forgiving. In the mean time, try: #--- test User-Password == "testing", MS-CHAP-Use-NTLM-Auth = No #--- Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
