On 07/01/2010 18:57, Difan Zhao wrote:
Greetings!
I did read the “*mschap*” module file and I did see that in order to use
a *cleartext* password, I need to set “*MS-CHAP-Use-NTLM-Auth := No*”
however I don’t know where to set it.
I tried to set it in “*hints*” file like the following. I added it to
the beginning of the file and the rest is just default.
enseo_stb
MS-CHAP-Use-NTLM-Auth := No
The “*enseo_stb*” is the username. I do see that it matched the line in
the *preprocess* in the debug however the authentication still failed. I
don’t have this user account set in Windows AD. I do have it set in my
*users* file.
Enseo_stb Cleartext-Password := "password"
Any advice?? Thank you!!
In the config file for your EAP _inner-tunnel_:
server inner-tunnel-server {
authorize {
...
update control {
MS-CHAP-Use-NTLM-Auth := 0
}
mschap
...
}
... you could use unlang to wrap it in an if statement if you wanted to be
selective about when to apply it.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html