Accept both machine auth and user with domain auth
Matthew Newton
mcn4 at leicester.ac.uk
Sun Jun 26 23:27:13 CEST 2016
On Sun, Jun 26, 2016 at 05:11:55PM -0400, Trevor Jennings wrote:
> Which I assume means if Stripped-User-Name is null, then use
> mschap:User-Name?
Yes
> I do not understand what I would need to do to achieve this. Would I need
> to set 'nostrip' under the realm for the domain of that user
> authenticating?
I would use unlang to see if the User-Name matches "^host/", and
if so call a different instantiation of mschap configured for
machine auth instead, rather than trying to configure one instance
of mschap to magically work with both.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list