PEAP and multiple domains

alan buxey A.L.M.Buxey at lboro.ac.uk
Mon Jul 16 17:28:55 CEST 2012


Hi,

> redundant {
> 	mschap.domain1
> 	mschap.domain2
> }

that's just redundancy....so if the first one answers...then that's that.

you need fail-through, e.g. something like


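	Auth-Type MS-CHAP {
		group {
			# a reject from the first domain is not final, carry on to the next
			mschap.domain1 {
				reject = 1
				ok = return
			}
			# second domain: stop as soon as it says ok
			mschap.domain2 {
				ok = return
			}
		}
	}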


i.e. try mschap.domain1 and if it fails, then don't care about the result and try domain2
instead. obviously, once you have more in one than the other, then you want to switch them over.

we used this sort of construct when moving to a new AD domain.


alan
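
An added example (not part of the original post, and not FreeRADIUS code): a small Python model of the group-processing rule the post relies on, showing why `redundant` stops at a reject from the first domain while the fail-through group goes on to the second. The action tables cover only ok/reject/fail and are assumptions of this model; the per-user results are constructed.

```python
# Simplified model of how a FreeRADIUS module group is walked.
# Assumption: only the ok / reject / fail return codes are modelled.
RETURN = "return"  # action: stop here and use this code as the group's result

def run_group(entries, module_results):
    """entries: list of (module_name, {code: action}); action is RETURN or an
    integer priority. module_results: {module_name: code it returns for this user}.
    Returns (final_code, [modules actually called])."""
    final, best, called = None, -1, []
    for name, actions in entries:
        code = module_results[name]
        called.append(name)
        action = actions[code]
        if action == RETURN:
            return code, called
        if action >= best:  # remember the highest-priority code seen so far
            final, best = code, action
    return final, called

# redundant: only "fail" (instance unavailable) moves on to the next entry.
REDUNDANT = {"ok": RETURN, "reject": RETURN, "fail": 1}
# The post's group: a reject from the first domain gets a low priority so the
# walk continues. "fail = return" in the group is an assumption of this model.
FIRST = {"ok": RETURN, "reject": 1, "fail": RETURN}
LAST = {"ok": RETURN, "reject": RETURN, "fail": RETURN}

D1, D2 = "mschap.domain1", "mschap.domain2"

def redundant(results):
    return run_group([(D1, REDUNDANT), (D2, REDUNDANT)], results)

def fail_through(results):
    return run_group([(D1, FIRST), (D2, LAST)], results)

# Constructed cases: what each mschap instance would answer for a given user.
USER_IN_DOMAIN1 = {D1: "ok", D2: "reject"}
USER_IN_DOMAIN2 = {D1: "reject", D2: "ok"}
UNKNOWN_USER = {D1: "reject", D2: "reject"}
DOMAIN1_DOWN = {D1: "fail", D2: "ok"}

if __name__ == "__main__":
    for label, case in [("user in domain1", USER_IN_DOMAIN1),
                        ("user in domain2", USER_IN_DOMAIN2),
                        ("unknown user", UNKNOWN_USER),
                        ("domain1 down", DOMAIN1_DOWN)]:
        print(f"{label:16} redundant={redundant(case)} fail_through={fail_through(case)}")
```

In this model a wrong password is checked against both domains before the final reject, which is worth keeping in mind for account-lockout counters and for reading the authentication logs.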

