{
	# Microsoft CHAP authentication
	#
	#  This module supports MS-CHAP and MS-CHAPv2 authentication.
	#  It also enforces the SMB-Account-Ctrl attribute.
}	mschap \{
{
		#  As of 0.9, the mschap module does NOT support
		#  reading from /etc/smbpasswd.
		#
		#  If you are using /etc/smbpasswd, see the 'passwd'
		#  module for an example of how to use /etc/smbpasswd
		#
		# authtype value, if present, will be used
		# to overwrite (or add) Auth-Type during
		# authorization. Normally should be MS-CHAP
}		authtype = MS-CHAP
{
		# if use_mppe is not set to no mschap will
		# add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
		# MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
}		use_mppe = yes
{
		# if mppe is enabled require_encryption makes
		# encryption moderate
}		require_encryption = yes
{
		# require_strong always requires 128 bit key
		# encryption
		#
}		require_strong = yes
{
		# Windows sends us a username in the form of
		# DOMAIN\user, but sends the challenge response
		# based on only the user portion.  This hack
		# corrects for that incorrect behavior.
}		with_ntdomain_hack = yes
{
		# The module can perform authentication itself, OR
		# use a Windows Domain Controller.  This configuration
		# directive tells the module to call the ntlm_auth
		# program, which will do the authentication, and return
		# the NT-Key.  Note that you MUST have "winbindd" and
		# "nmbd" running on the local machine for ntlm_auth
		# to work.  See the ntlm_auth program documentation
		# for details.
		#
		# Be VERY careful when editing the following line!
		#ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%\{Stripped-User-Name:-%\{User-Name:-None\}\} --challenge=%\{mschap:Challenge:-00\} --nt-response=%\{mschap:NT-Response:-00\}"
}	\}
