Actions
Bug #12286
open
Add support for ntlm_auth in LDAP
Status:
New
Priority:
Normal
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
amd64
Description
The FreeRADIUS Package currently provides LDAP Authorisation/Authentication.
Some vendors like Mikrotik uses only MS-CHAPv2 for authentication (Login), so without ntlm_auth binary it's impossible to Auth that vendors (without plaintext password), because we have an error
mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
mschap: Client is using MS-CHAPv2
mschap: ERROR: FAILED: No NT-Password. Cannot perform authentication
mschap: ERROR: MS-CHAP2-Response is incorrect
...
Failed to authenticate the user
there is ntlm_auth in dir /usr/local/etc/raddb/mods-available, but it contains:
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}
and there is no ntlm_auth binary to configure NTLM
Updated by Viktor Gurov over 2 years ago
The Samba package should be added to /tools/conf/pfPorts/poudriere_bulk to fix this issue and implement Squid NTLM authentication.
Updated by Jim Pingle over 2 years ago
I don't think we want to even consider putting the samba package in even as a dependency. Too much potential for abuse.
Actions