rlm_exec - ntlm_auth

Synopsis

The ntlm_auth module is a variant of the exec module.

This module serves as a testing step prior to using MS-CHAP and ntlm_auth. It should not be used in production environments.

Using the ldap module when performing PAP authentication with Active Directory is recommended. This method is faster and more stable.

Note
Some older versions of Samba had problems. See Samba bug 6563.

Processing Sections

authenticate

When listed in the authenticate section, the ntlm_auth module uses the ntlm_auth program to perform PAP authentication to Samba. Samba is usually configured to join the domain of an Active Directory server.

Return codes

fail The ntlm_auth program could not be found.

reject The user failed authentication.

ok The user succeeded in authenticating.

Expansions

None.

Directives

See the exec module for a description of the directives.

Only the program configuration for the ntlm_auth module should be changed. All other directives in its configuration file should be left alone.

program
Syntax

program = string

Default

/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}

Description

The path and arguments for the ntlm_auth program.

Note
The program directive must be edited to specify the path to ntlm_auth along with the local domain.

wait
Syntax

wait = boolean

Default

yes

Description

Wait for ntlm_auth to finish.
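
A manual check that mirrors what the module does, as an added example (not part of the FreeRADIUS documentation or code): it runs ntlm_auth with the arguments of the default program directive and prints the matching return code from the table above. The function name check_ntlm_auth, treating a non-executable path as "not found", and reporting every non-zero exit status as reject are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: manual pre-flight check for the ntlm_auth exec module.
# check_ntlm_auth and its arguments are names assumed for this sketch.
# Use a throwaway test account: as with the module's program line, the
# password is passed as a command-line argument and can be exposed to
# other local users through the process list.

# Prints fail, reject or ok, mirroring the module's return codes.
# Assumptions: a non-executable path counts as "not found", and any
# non-zero exit status from ntlm_auth is reported as reject.
check_ntlm_auth() {
    prog=$1 domain=$2 user=$3 pass=$4

    # fail: the ntlm_auth program could not be found
    if [ ! -f "$prog" ] || [ ! -x "$prog" ]; then
        echo fail
        return 2
    fi

    # Same arguments as the default program directive, with the
    # %{...} expansions replaced by the values under test.
    if "$prog" --request-nt-key --domain="$domain" \
               --username="$user" --password="$pass" >/dev/null 2>&1; then
        echo ok        # the user succeeded in authenticating
        return 0
    fi

    echo reject        # the user failed authentication
    return 1
}

# Direct use: ./check.sh /path/to/ntlm_auth MYDOMAIN testuser
# The password is read from standard input, not from the arguments.
if [ "$#" -eq 3 ]; then
    IFS= read -r pw
    check_ntlm_auth "$1" "$2" "$3" "$pw"
fi
```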