Autz-Type Config Clarification

Nathan L. Cable nathan at filmwest.com
Mon Aug 21 04:48:42 CEST 2006


I'm setting up a RADIUS environment which covers several physical sites.
Usernames and passwords come from an Active Directory server via ntlm_auth.
Each site has a group in the NT domain.  So, it would be nice to have
multiple auth-types for each area.

For clarification, I've tested my server without the Autz-Type arguments
(i.e., only using the one mschap instance), and everything works fine.
Everything also works great if I declare multiple instances of mschap, and
just have the radius server search through them in order - however, this
seems to be a rather inefficient way of doing things.

The debug output of radiusd indicates that my modules are being loaded, but
when the client authenticates, it does not do so against an auth-type.

Any thoughts as to why this is not working?

Here are the relevant portions of my config files:

# radiusd.conf:

.
.
.
modules {
    .
    .
    .
    mschap group1 {
        authtype = group1
        ...some config stuff...
        }
    mschap group2 {
        authtype = group2
        ...some config stuff...
        }
}
.
.
.
authorize {
    preprocess
    files
    Autz-Type group1 {
        group1
    }
    Autz-Type group2 {
        group2 {
    }
    eap
}

authenticate {
    Auth-Type group1 {
        group1
    }
    Auth-Type group2 {
        group2 {
    }
    eap
}
.
.
.

# users
DEFAULT Called-Station-Id == "00-11-22-33-44-55-66",Autz-Type := group1
DEFAULT Autz-Type = group2





