rlm_mschap man page on SuSE

Man page or keyword search:  
man Server   14857 pages
apropos Keyword Search (all sections)
Output format
SuSE logo
[printable version]

rlm_mschap(5)		       FreeRADIUS Module		 rlm_mschap(5)

NAME
       rlm_mschap - FreeRADIUS Module

DESCRIPTION
       The  rlm_mschap	module	provides  MS-CHAP and MS-CHAPv2 authentication
       support.

       This module validates a user with MS-CHAP or MS-CHAPv2  authentication.
       If  called  in  Authorize,  it will look for MS-CHAP Challenge/Response
       attributes in the Acess-Request and adds an Auth-Type attribute set  to
       MS-CHAP in the Config-Items list unless Auth-Type has already set.

       The  module  can	 authenticate the MS-CHAP session via plain-text pass‐
       words  (User-Password  attribute),   or	 NT   passwords	  (NT-Password
       attribute).   The  module  cannot  perform authentication against an NT
       domain.

       The module also enforces the SMB-Account-Ctrl attribute.	 See the Samba
       documentation  for the meaning of SMB account control.  The module does
       not read Samba password files.  Instead, the fIrlm_passwd module can be
       used to read a Samba password file, and supply an NT-Password attribute
       which this module can use.

       The main configuration items to be aware of are:

       authtype
	      This is the string used to set the authtype.  Normally it should
	      be left to the default value of MS-CHAP.

       use_mppe
	      Unless  this  is	set to 'no', FreeRADIUS will add MS-CHAP-MPPE-
	      Keys for MS-CHAPv1 and MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-
	      CHAPv2.  The default is 'yes'.

       require_encryption
	      If  MPPE	is enabled, setting this attribute to 'yes' will cause
	      the MS-MPPE-Encryption-Policy attribute to  be  set  to  require
	      encryption.  The default is 'no'.

       require_strong
	      If  MPPE	is enabled, setting this attribute to 'yes' will cause
	      the MS-MPPE-Encryption-Types attribute to be set	to  require  a
	      128 bit key.  The default is 'no'.

       with_ntdomain_hack
	      Windows clients send User-Name in the form of "DOMAIN\User", but
	      send the challenge/response based	 only  on  the	User  portion.
	      Setting this value to yes, enables a work-around for this error.
	      The default is 'no'.

CONFIGURATION
       modules {
	 ...
	 mschap {
	    authtype = MS-CHAP
	    use_mppe = yes
	 }
	 ...
       }
	...
       authorize {
	 ...
	 mschap
	 ...
       }
	...
       authenticate {
	 ...
	 mschap
	 ...
       }

SECTIONS
       authorization, authentication

FILES
       /etc/raddb/radiusd.conf

SEE ALSO
       radiusd(8), radiusd.conf(5)

AUTHOR
       Chris Parker, cparker@segv.org

				 13 March 2004			 rlm_mschap(5)
[top]

List of man pages available for SuSE

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net