FreeRadius with ntlm_auth
charles at copel.com
Mon Dec 7 15:36:55 CET 2009
Hi, Allan:
My domain comes through as part of the request.
Sorry, but I didn't understand this: "if so you can simply use the
example ntlm_auth to do the substitution".
Can you explain it better?
Thanks.
Charles.
Hi,
>
> Hi All:
>
> My name is Charles and I need to "Configure my FreeRadius to use
> ntlm_auth" to authenticate NT users.
> Actually, I am getting to do this for only one NT group, but I need to
> do this for more NT groups.
>
> My configuration in "radius.conf" for ntlm_auth for one NT group is:
>
> exec win_domain {
>     wait = yes
>     input_pairs = request
>     output_pairs = reply
>     program = "/usr/local/bin/ntlm_auth --request-nt-key --domain=COPEL --username=%{User-Name:-None} --password=%{User-Password} --require-membership-of=COPEL\\Group1"
> }
>
> My environment is: FreeBSD 6.2 + Samba 3.0.26a + freeradius 1.1.7
>
> How can I do this configuration for more than one NT group? Any idea?
> Thanks,
> Charles.
does the domain come through as part of the request? if so you can simply
use the example ntlm_auth to do the substitution.
if not...well, you could do a large check table where every auth is tried
until one works....and if none work then they get rejected. bit messy
but redundant auth statements work okay and are very handy - eg for when
you migrate to a new AD system but half of users are still in the old
one or in a DB etc.
alan
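
The "every auth is tried until one works" idea from the reply above, written as a shell wrapper around ntlm_auth instead of redundant FreeRADIUS auth statements. This is an added example, not code from the thread or from the FreeRADIUS or Samba projects; the function name `auth_any_group`, its argument order and the `NTLM_AUTH`/`DOMAIN` variables are assumptions, while the ntlm_auth flags are the ones in the quoted exec block.

```shell
#!/bin/sh
# Added example: one ntlm_auth call per allowed NT group, stopping at the
# first success. NTLM_AUTH and DOMAIN default to the values used in the
# thread's exec block; both variable names are assumptions of this example.
NTLM_AUTH="${NTLM_AUTH:-/usr/local/bin/ntlm_auth}"
DOMAIN="${DOMAIN:-COPEL}"

# usage: auth_any_group USER PASSWORD GROUP [GROUP...]
# returns 0 if USER authenticates and belongs to at least one GROUP,
#         1 if every attempt is rejected,
#         2 if the arguments are incomplete.
# The body runs in a subshell, so its variables and "exit" stay local.
auth_any_group() (
    if [ "$#" -lt 3 ] || [ -z "$1" ]; then
        echo "auth_any_group: need user, password and at least one group" >&2
        exit 2
    fi
    user=$1 pass=$2
    shift 2
    for group in "$@"; do
        # Same flags as the single-group exec block; only the group varies.
        # Output is discarded: the exit status alone decides accept/reject.
        if "$NTLM_AUTH" --request-nt-key \
               --domain="$DOMAIN" \
               --username="$user" \
               --password="$pass" \
               --require-membership-of="$DOMAIN\\$group" >/dev/null 2>&1
        then
            exit 0
        fi
    done
    exit 1
)
```

Each loop iteration is a separate logon attempt, so a wrong password is rejected once per listed group and every one of those rejections counts toward any account-lockout threshold the domain enforces.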