tac_plus‐ng: MAVIS MSCHAP support

Marc Huber edited this page Sep 27, 2025 · 2 revisions

Both MSCHAPv1 and MSCHAPv2 are supported. That's trivial if you supply clear-text passwords, but if you want to use your AD infrastructure as a backend, the SAMBA/winbind functionality via ntlm_auth is required. In that case, you'll need to use both mavis_tacplus-ng_ntlmauth.pl and mavis_tacplus-ng_ldap.pl (the first one for actually authenticating users, and the second one for authorization).

Plus, remember to set ms-chap backend = mavis.

Sample configuration snippet:

    mavis module ntauth = external {
        setenv NT_DOMAIN = EXAMPLE
        exec = /usr/local/lib/mavis/mavis_tacplus-ng_ntlmauth.pl
    }

    mavis module = external-mt {
        setenv LDAP_BASE="dc=example,dc=local"
        setenv LDAP_USER="myuser@example.local"
        setenv LDAP_PASSWD="secret"
        setenv LDAP_HOSTS="ldap://127.0.0.1"
        exec = /usr/local/sbin/ldapmavis-mt
    }

    ms-chap backend = mavis

Actually, I don't have a suitable AD domain to test this, so this is not well tested and may or may not work for you.
