MSSCHAP auth + LDAP authorizaton (Working. Sort Of)
ndk.clanbo at gmail.com
Fri Apr 20 14:21:15 CEST 2012
Il 04/04/2012 12:49, Andres Septer ha scritto:
> OK, I achieved my goal to get freeradius authenticate via mschap challenge-response and authorize via LDAP search.
> I's working, though, I'm not sure, that I'm doing it right. This "solution" works only with one group (my example, VPNusers). I think it is not expandable to the scenario like:
> "authorize user when it belongs to the group VPNusers
> autohorize user when it comes form IP of some WiFi access point disregarding any groups"
Why not setting the group to check membership of in a variable based on
the NAS sending the request? Or, maybe, by using huntgroups (not sure...
still have to understand 'em fully).
More information about the Freeradius-Users