New User and AD Question
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Wed Mar 2 21:17:20 CET 2011
Hi,
> That is brilliant! We are going to deploy a second domain this summer, I was wondering exactly how I would make our FR server work with both. I am definitely going to give this a try!
we just use the failover method..... have 2 copies of the mschap
module - each with labels to mark them, then in the eap.conf we
query one, then, if it fails, we query the other. simple.
eg
Auth-Type MS-CHAP {
    if("%{User-Name}" =~ /@/){
        group {
            NEWAD-withrealm {
                reject = 1
                ok = return
            }
            OLDAD-withrealm {
                reject = 1
                ok = return
            }
        }
    }
    else {
        NEWAD {
            reject = 1
            ok = return
        }
        OLDAD {
            reject = 1
            ok = return
        }
    }
}
NEWAD calls ntlm_auth against the new domain, OLDAD calls ntlm_auth against the
old domain. the -withrealm does a similar thing but deals with user authentication
where '@ourrealm' appears.
the joy of FreeRADIUS is the flexibility with which you can tackle any issues
that come your way... :-)
alan
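
The failover in the post above, modelled in Python as an added illustration (not FreeRADIUS code and not part of the original message): it walks the two module instances using the `reject = 1` / `ok = return` actions and reports which instances were consulted. The helper names, the sample directories standing in for ntlm_auth, and the no-override behaviour (`reject = return`) are assumptions.

```python
# Model of how a FreeRADIUS group walks its modules using per-rcode actions.
# "return" stops immediately with that rcode; a number is a priority, and the
# highest-priority rcode seen so far becomes the group's result.

RETURN = "return"

# Overrides from the post: keep going after a reject, stop on the first ok.
FAILOVER = {"reject": 1, "ok": RETURN}
# Assumption: without overrides an authenticate group returns on reject and ok.
NO_OVERRIDE = {"reject": RETURN, "ok": RETURN}


def run_group(modules, actions, backends, user, password):
    """modules: ordered instance names; backends: name -> {user: password}."""
    result, priority, tried = "reject", 0, []
    for name in modules:
        tried.append(name)
        # Constructed stand-in for ntlm_auth: ok only if this domain knows the pair.
        rcode = "ok" if backends[name].get(user) == password else "reject"
        action = actions[rcode]
        if action == RETURN:
            return rcode, tried
        if action >= priority:
            result, priority = rcode, action
    return result, tried


def authenticate(user, password, backends, actions=FAILOVER):
    """Mirror the if/else in the post: realm users go to the -withrealm pair."""
    suffix = "-withrealm" if "@" in user else ""
    modules = ["NEWAD" + suffix, "OLDAD" + suffix]
    return run_group(modules, actions, backends, user, password)


# Constructed sample directories, one per module instance.
BACKENDS = {
    "NEWAD": {"alice": "n3w"},
    "OLDAD": {"bob": "0ld"},
    "NEWAD-withrealm": {"alice@ourrealm": "n3w"},
    "OLDAD-withrealm": {"bob@ourrealm": "0ld"},
}

if __name__ == "__main__":
    for u, p in [("alice", "n3w"), ("bob", "0ld"), ("bob@ourrealm", "0ld"), ("eve", "x")]:
        print(u, authenticate(u, p, BACKENDS))
    print("no override:", authenticate("bob", "0ld", BACKENDS, NO_OVERRIDE))
```

With the overrides, an account that exists only in the old domain is accepted after both instances are tried; with the assumed no-override actions the first reject ends the group and OLDAD is never consulted.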