# require_encryption = yes
# require_strong = yes
# with_ntdomain_hack = no
-# ntlm_auth = "/path/to/ntlm_auth --request-nt-key --allow-mschapv2 --username=%{&Stripped-User-Name || &User-Name || 'None'} --challenge=%{%mschap(Challenge) || 00} --nt-response=%{%mschap(NT-Response) || 00}"
+# ntlm_auth = "/path/to/ntlm_auth --request-nt-key --allow-mschapv2 --username=%{Stripped-User-Name || User-Name || 'None'} --challenge=%{%mschap('Challenge') || 00} --nt-response=%{%mschap('NT-Response') || 00}"
# ntlm_auth_timeout = 10
winbind {
-# username = "%mschap(User-Name)"
-# domain = "%mschap(NT-Domain)"
+# username = "%mschap('User-Name')"
+# domain = "%mschap('NT-Domain')"
# retry_with_normalised_username = no
reuse {
# min = 10
}
passchange {
# ntlm_auth = "/usr/bin/ntlm_auth --helper-protocol=ntlm-change-password-1"
-# ntlm_auth_username = "username: %mschap(User-Name)"
-# ntlm_auth_domain = "nt-domain: %mschap(NT-Domain)"
-# local_cpw = %exec('/path/to/script', %mschap(User-Name), %{MS-CHAP-New-Cleartext-Password})
+# ntlm_auth_username = "username: %mschap('User-Name')"
+# ntlm_auth_domain = "nt-domain: %mschap('NT-Domain')"
+# local_cpw = %exec('/path/to/script', %mschap('User-Name'), %{MS-CHAP-New-Cleartext-Password})
# local_cpw = %sql("UPDATE radcheck set value='%{MS-CHAP-New-NT-Password}' where username='%{User-Name}' and attribute='Password.NT'")
}
# use_open_directory = yes
# allow_retry = yes
# retry_msg = "Re-enter (or reset) the password"
attributes {
- username = &User-Name
- chap_challenge = &Vendor-Specific.Microsoft.CHAP-Challenge
- chap_response = &Vendor-Specific.Microsoft.CHAP-Response
- chap2_response = &Vendor-Specific.Microsoft.CHAP2-Response
- chap2_success = &Vendor-Specific.Microsoft.CHAP2-Success
- chap_error = &Vendor-Specific.Microsoft.CHAP-Error
- chap_mppe_keys = &Vendor-Specific.Microsoft.CHAP-MPPE-Keys
- mppe_recv_key = &Vendor-Specific.Microsoft.MPPE-Recv-Key
- mppe_send_key = &Vendor-Specific.Microsoft.MPPE-Send-Key
- mppe_encryption_policy = &Vendor-Specific.Microsoft.MPPE-Encryption-Policy
- mppe_encryption_types = &Vendor-Specific.Microsoft.MPPE-Encryption-Types
- chap2_cpw = &Vendor-Specific.Microsoft.CHAP2-CPW
- chap_nt_enc_pw = &Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
+ username = User-Name
+ chap_challenge = Vendor-Specific.Microsoft.CHAP-Challenge
+ chap_response = Vendor-Specific.Microsoft.CHAP-Response
+ chap2_response = Vendor-Specific.Microsoft.CHAP2-Response
+ chap2_success = Vendor-Specific.Microsoft.CHAP2-Success
+ chap_error = Vendor-Specific.Microsoft.CHAP-Error
+ chap_mppe_keys = Vendor-Specific.Microsoft.CHAP-MPPE-Keys
+ mppe_recv_key = Vendor-Specific.Microsoft.MPPE-Recv-Key
+ mppe_send_key = Vendor-Specific.Microsoft.MPPE-Send-Key
+ mppe_encryption_policy = Vendor-Specific.Microsoft.MPPE-Encryption-Policy
+ mppe_encryption_types = Vendor-Specific.Microsoft.MPPE-Encryption-Types
+ chap2_cpw = Vendor-Specific.Microsoft.CHAP2-CPW
+ chap_nt_enc_pw = Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
}
# attributes {
-# username = &User-Name
-# chap_challenge = &MS-CHAP-Challenge
-# chap_response = &MS-CHAP-Response
-# chap2_response = &MS-CHAP2-Response
-# chap2_success = &MS-CHAP2-Success
-# chap_error = &MS-CHAP-Error
+# username = User-Name
+# chap_challenge = MS-CHAP-Challenge
+# chap_response = MS-CHAP-Response
+# chap2_response = MS-CHAP2-Response
+# chap2_success = MS-CHAP2-Success
+# chap_error = MS-CHAP-Error
# }
}
```
# WARNING: Be VERY careful when editing the following line!
# Change the path, and ideally nothing else.
#
-# ntlm_auth = "/path/to/ntlm_auth --request-nt-key --allow-mschapv2 --username=%{&Stripped-User-Name || &User-Name || 'None'} --challenge=%{%mschap(Challenge) || 00} --nt-response=%{%mschap(NT-Response) || 00}"
+# ntlm_auth = "/path/to/ntlm_auth --request-nt-key --allow-mschapv2 --username=%{Stripped-User-Name || User-Name || 'None'} --challenge=%{%mschap('Challenge') || 00} --nt-response=%{%mschap('NT-Response') || 00}"
#
# ntlm_auth_timeout:: Time to wait for `ntlm_auth` to run.
# later to be installed. Make sure that `ntlm_auth` above is
# commented out.
#
-# username = "%mschap(User-Name)"
-# domain = "%mschap(NT-Domain)"
+# username = "%mschap('User-Name')"
+# domain = "%mschap('NT-Domain')"
#
# retry_with_normalised_username::
# Uncomment the three lines below, and change the path to `ntlm_auth.
#
# ntlm_auth = "/usr/bin/ntlm_auth --helper-protocol=ntlm-change-password-1"
-# ntlm_auth_username = "username: %mschap(User-Name)"
-# ntlm_auth_domain = "nt-domain: %mschap(NT-Domain)"
+# ntlm_auth_username = "username: %mschap('User-Name')"
+# ntlm_auth_domain = "nt-domain: %mschap('NT-Domain')"
#
# local_cpw::
#
# TIP: We give both examples here, but *only one should be used*.
#
-# local_cpw = %exec('/path/to/script', %mschap(User-Name), %{MS-CHAP-New-Cleartext-Password})
+# local_cpw = %exec('/path/to/script', %mschap('User-Name'), %{MS-CHAP-New-Cleartext-Password})
# local_cpw = %sql("UPDATE radcheck set value='%{MS-CHAP-New-NT-Password}' where username='%{User-Name}' and attribute='Password.NT'")
}
projects / thirdparty / freeradius-server.git / commitdiff
