NOTE: TCCRadius supports the NTSAM in PAP only mode.
If you wish to use the NTSAM, your NAS must be set to send packets in PAP. Setting to CHAP, Both, or Either will result in rejection of the packets. Most NAS units send packets in CHAP first. CHAP requires that the user's password be stored on the local server in clear text. Since the NTSAM is very secure, the password cannot be decrypted to obtain a clear text password.
Remember, always start by testing your TCCRadius in Console/Text mode first to verify general operation.
TCCRadius offers two modes of operation for interface to the NTSAM.
NTSAM - TCCRadius will check the Text files in the /Users directory for the user's attributes. The password will be decrypted from the NAS Request packet and compared to the NTSAM. If the user is not found, TCCRadius will look for a Text record and use it instead.
NTSAM_ODBC - TCCRadius will check the ODBC* database for any additional user's attributes. The password will be decrypted from the NAS Request packet and compared to the NTSAM. If the user is not found, TCCRadius will look for an ODBC record and use it instead.
*See: Setting up TCCRadius For ODBC Mode
1. You must set a minimum password length in the NT Policies section. Open the User Manager and choose the Policies menu. Set the minimum password length to at least 3. If you allow blank passwords, the NTSAM will not work with TCCRadius.
2. Edit TCCRadius.cfg with a plain text editor and change the UserOption line.
Example:
UserOption = NTSAM
-or-
UserOption = NTSAM_ODBC
3. You must also specify an NTDomain if you are not
authenticating off of the local NTSAM.
Edit TCCRadius.cfg with a plain text editor and change the
NTDomain line.
Example:
NTDomain = TALONCC
4. Use RadTest to test the operation of the NTSAM interface.
5. Contact support@tccsoftware.com with any questions.