Ok, I discovered radius200.exe and have it working using the flatfile "users" database.
But now I want to have it proxy to NTLM any auth requests that can't be fulfilled from the
radius200 "users" file. In other words, the Win2K server where radius200.exe is running has
some users in its local SAM; it is not an AD (domain) server. Is it possible to have
radius200.exe forward auth requests via NTLM with a "users" file entry like this:
DEFAULT Auth-Type = System
Class = "class1"
That's how the radius200.exe documentation shows that it should be done. However, it doesn't
appear to be working for me. I haven't yet learned how to troubleshoot NTLM auth, so I'm not
sure where the "DEFAULT Auth-Type = System" action is failing. The only thing that the
radius200.exe log shows is:
11/28/04 : 23:05:31
rad_recv() called for auth
11/28/04 : 23:05:32
Debug : Authentication Failed
I have a NAS that has an NTLM client itself and it can auth to the Win2K server, so I know that
NTLM works on the Win2K server. However, I want radius200.exe to do the NTLM auth because
radius200.exe can return additional parameters (like the
Thanks for any help with this.
Regards - Tom
----- Original Message -----
To: <m0n0wall at lists dot m0n0 dot ch>
From: "Barry Mather" <barry dot mather at dorecentres dot com dot au>
Subject: RE: [m0n0wall] WIN32 Radius Server howto
Date: Thu, 30 Sep 2004 10:32:19 +1000
It's pretty straightforward
Get the software (just google radius200.exe and download from
Install onto your win32 machine, I have it working on both winxp sp2, and
If you installed to a default location, open c:\program files\multi-tech
Open the users file with notepad
Remove all the users in there, I have the following line for a user
Username Auth-Type = Local, Password = "userspassword"
The 'username' in the line above is the actual username
you want to use.
The realms file can be empty
The radius program will create a my-users file based on the users file
you just edited, leave this alone
Dictionary file can be left as is
The clients file needs to be edited to include the ip address of the
m0n0wall, and the radius access password, my file looks like this :
That's it, v simple
No more files to edit.
It installs itself as a win32 service, just stop the service, restart
it, and it loads all the settings / users ..
Now enable the captive portal, telling it to use the ip address of the
win32 machine this radius server is installed on, and the password to
use, in this case password.
Make sure that your local win32 firewall is either not on, or is
allowing port 1812 through for radius !
And bob is your proverbial uncle, or aunt ... ;)
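
Added example (not part of either message, and not radius200 code): when the server log only says "Authentication Failed", it helps to know whether the NAS is getting a genuine Access-Reject or a reply whose authenticator does not match the shared secret in the clients file. The sketch below builds a PAP Access-Request and validates replies as RFC 2865 defines them; the username "tom", the identifier and the fixed authenticator are constructed sample values, and "password" is the example secret from the post.

```python
import hashlib, hmac, os, struct

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, req_auth=None):
    """Return (packet, request_authenticator) for a PAP Access-Request (code 1)."""
    req_auth = req_auth or os.urandom(16)
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def sign_reply(code, ident, attrs, req_auth, secret):
    """Server side: Response Authenticator = MD5(Code+ID+Length+ReqAuth+Attrs+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def check_reply(reply, ident, req_auth, secret):
    """Classify a reply: accept, reject, or why it cannot be trusted."""
    if len(reply) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or rid != ident:
        return "malformed"
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad-authenticator"  # secret differs from the clients file, or reply is spoofed
    return {2: "accept", 3: "reject"}.get(code, "other")

if __name__ == "__main__":
    # Constructed sample values; "password" is the example secret used in the post.
    secret, ra = b"password", bytes(range(16))
    req, _ = build_access_request(7, b"tom", b"userspassword", secret, ra)
    print("request:", req.hex())
    # Constructed server replies: an accept carrying Class (type 25) = "class1", and a reject.
    accept = sign_reply(2, 7, attr(25, b"class1"), ra, secret)
    print(check_reply(accept, 7, ra, secret))
    print(check_reply(accept, 7, ra, b"wrong-secret"))
    print(check_reply(sign_reply(3, 7, b"", ra, secret), 7, ra, secret))
```

To test a live server, send the request bytes over UDP to port 1812 and pass the datagram that comes back to check_reply along with the same identifier and request authenticator.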