On Mon, 2009-11-23 at 13:35 -0500, freeradius@corwyn.net wrote:
At 10:24 AM 11/23/2009, freeradius@corwyn.net wrote:
to confirm, and it looks like it's working.
Hmm. I have two sets of authentication I care about, VPN Users, and Cisco switches. I'd like to be able to control access to each of those separately (different AD Security Groups, and different shared keys).
I've found instructions for restricting ntlm_auth to a particular security group, but adding --require-membership-of={SID|Name} to the ntlm_auth command.
But I can't puzzle out how I'd then have one set of authentication for one security group, and one set of authentication for a second security group. (currently any AD users works).
Am I going to have to do something like create different modules (ntlm_auth and ntlm_auth2) radiusd.conf in the module section?
Rick
You need to create two separate entries in modules having two mschap entries .. sth like : mschap mschap_group1 { ... ntlm_auth = "your first ntlm_auth command" } mschap mschap_group2 { ... ntlm_auth = "your second ntlm_auth command" } and then have the respective mschaps used in the respective virtual servers for each client.