MSCHAP authentication against Active directory OR MySQL
Krzysztof Grobelak
kgrobelak at airspeed.ie
Fri Jun 13 19:15:48 CEST 2014
On 12/06/14 14:59, Alan DeKok wrote:
> Krzysztof Grobelak wrote:
>> On my freeRADIUS instance i am able to authenticate MSCHAP requests
>> against Active Directory using the ntlm_auth module and Samba
>> aditionally i can authenticate another group of WiMAX devices with
>> MACHAP against MySQL database. But if I enable the config for WiMAX
>> devices the are being authenticated aginst Active Directory and not
>> the MySQL db. Now I would like to be able to configure the server so
>> that both groups can be authenticated local users against Active
>> Directory and the WiMAX devices against database.
>
> That should be simple enough to do.
>
>> Can you guys advice how i can make it happen? I suspect unlang will be
>> needed to do this but if you could specify how exactly it would be
>> awesome.
>
> Well... reading the docs && debug logs should help a lot.
>
>> would it be something along those lines??
>>
>> authorise{
>> mschap{
>
> No. That won't work.
>
>> if("%{NAS-IP-Address}" == "1.1.1.1"){
>
> There's no need to put everything in quotes.
>
>> sql
>> }
>> else{
>> ntlm_auth
>> }
>> }
>> }
>
> You should be able to just do this:
>
> authorize {
> ...
>
> if (NAS-IP-Address == 1.1.1.1) {
> sql
> update control {
> MS-CHAP-Use-NTLM-Auth = No
> }
> }
> ...
> }
>
> And configure the "mschap" module, the "ntlm_auth" entry.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
That worked perfectly!!!
Thanks a lot Alan.
Regards
Krzysztof
Airspeed Telecom
More information about the Freeradius-Users
mailing list