[EMAIL PROTECTED] wrote: > > All, > Does anyone know how i can configure ntlm fall-through, eg. try to > authenticate the user local (via password entry in users file)
No, the "users" file doesn't authenticate anyone. It just adds a "known good" password to the request. Some other module takes care of authenticating the user. > and if > the user isn't found use ntlm-auth(or first ntlm and afterwards userfile > is also ok)? > If i comment out the ntlm-auth line in the mschap section of > radiusd.conf the user is authenticate local. See doc/configurable_failover. You should be able to add a statement to the "authenticate" section saying "try FOO, and if that fails, try BAR". This is really not a recommended configuration, however. It is difficult to make it work well. Perhaps you could say *why* you need this, rather than asking how to implement a particular solution. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
