Bram Matthys (Syzop) wrote:
>> You don't. You've managed to put the "ntml_auth_pap" program into the
>> "pap" Auth-Type, for reasons I don't understand. Why not just call it
>> ntlm_auth_pap? After all, they're *different*. The do NOT do the same
>> thing.
>
> That's what I did first, because it makes sense and sounds logical, but
> didn't get it working, as said in my original mail: it ran the program
> succesfully but then simply went on with other mods and in the end
> complaining about no auth-type being set.
I don't think you got my point. If you want to AUTHENTICATE using
ntlm_auth_pap... then call it in the AUTHENTICATION section. Calling it
in the AUTHORIZATION section is not AUTHENTICATION.
You need to:
a) set Auth-Type = ntlm_auth_pap in the authorize{} section
which you are doing... sort of... using Auth-Type := PAP
b) have an "Auth-Type ntlm_auth_pap" subsection in the authenticate{}
section, which you are doing... sort of... using Auth-Type PAP.
> Could be that your suggestion there is for another type of configuration,
> but if that were the case then that wasn't clear to me.
Yes. Don't mangle the existing configuration. PAP is for PAP. If
you want a different Auth-Type, give it a different name. There is
nothing magic about the PAP name. You don't have to put all custom
authentication modules into the PAP subsection of the authenticate section.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
