<div dir="ltr"><div class="gmail_default" style="font-size:small">Make sure winbind is running. That held me up for the longest time.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Have you joined the Radius box to the AD domain? </div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">What do you get when you do:<br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><div class="gmail_default">ntlm_auth --request-nt-key --domain=your.domain --username=Administrator</div><div class="gmail_default"><br></div><div class="gmail_default">If you do not get NT_STATUS_OK: Success (0x0)</div><div class="gmail_default"><br></div><div class="gmail_default">then you need to fix that first.</div></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Do you have this entry under the mschap section?<br>
<br>
<br>
with_ntdomain_hack = yes</blockquote><div><br></div></span><div>That got deprecated in favor of the "realm ntdomain" config as far as I can tell. So I don't have the hack enabled, but I do have:</div><div><br></div><div>```</div><div>ntlm_auth = "/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-None} --domain=%{%{mschap:NT-Domain}:-None} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"<br></div></div></div></div></blockquote><div><br></div><div><br></div><div><div class="gmail_default" style="font-size:small;display:inline">Is that just an example that you're quoting, or is that your actual config line? My working /etc/freeradius/modules/mschap</div> <div class="gmail_default" style="font-size:small;display:inline">contains this:</div></div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="display:inline"><div>ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{mschap:NT-Domain:-MKA.LOCAL} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"</div><div><br></div><div>where MKA.LOCAL is my AD domain.</div></div></div><div><div class="gmail_default" style="font-size:small;display:inline"></div></div><div><div class="gmail_default" style="font-size:small">I am using the with_ntdomain_hack=yes version of freeRadius, so cannot comment on realm ntdomain.</div></div></div><br clear="all"><div><div class="gmail_default" style="font-size:small">ed</div><br></div>-- <br><div><div dir="ltr">Edward Holcroft | Madsen Kneppers & Associates Inc.<br>11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097<br>O <a href="tel:%28770%29%20446-9606" value="+17704469606" target="_blank">(770) 446-9606</a> | M <a href="tel:%28770%29%20630-0949" value="+17706300949" target="_blank">(770) 630-0949</a></div></div>
</div></div>
<br>
<span style="font-family:arial"><font size="2">MADSEN, KNEPPERS & ASSOCIATES USA, MKA Canada Inc. WARNING/CONFIDENTIALITY NOTICE: This message may be confidential and/or privileged. If you are not the intended recipient, please notify the sender immediately then delete it - you should not copy or use it for any purpose or disclose its content to any other person. Internet communications are not secure. You should scan this message and any attachments for viruses. Any unauthorized use or interception of this e-mail is illegal.</font></span>