Bug #12286

open

Add support for ntlm_auth in LDAP

Added by Vladislav Kulikov 3 months ago. Updated 3 months ago.

Status: New
Priority: Normal
Assignee: -
Category: FreeRADIUS
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture: amd64

Description

The FreeRADIUS Package currently provides LDAP Authorisation/Authentication.
Some vendors like Mikrotik use only MS-CHAPv2 for authentication (Login), so without the ntlm_auth binary it's impossible to authenticate those vendors (without a plaintext password), because we get an error:

mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
mschap: Client is using MS-CHAPv2
mschap: ERROR: FAILED: No NT-Password.  Cannot perform authentication
mschap: ERROR: MS-CHAP2-Response is incorrect
...
Failed to authenticate the user

There is an ntlm_auth file in the directory /usr/local/etc/raddb/mods-available, but it contains:
exec ntlm_auth {
        wait = yes
        program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

and there is no ntlm_auth binary to configure NTLM.

Actions #1

Updated by Viktor Gurov 3 months ago

The Samba package should be added to /tools/conf/pfPorts/poudriere_bulk to fix this issue and implement Squid NTLM authentication.

Actions #2

Updated by Viktor Gurov 3 months ago

See also #10415

Actions #3

Updated by Jim Pingle 3 months ago

I don't think we want to even consider putting the samba package in even as a dependency. Too much potential for abuse.
