freeradius@corwyn.net wrote:
so if ./users: DEFAULT Huntgroup-Name == Cisco_Huntgroup, Auth-Type:=ntlm_auth, Ldap-Group == "Infrastructure"
Service-Type:=NAS-Prompt-User,cisco-avpair:="shell:priv-lvl=15", DEFAULT Huntgroup-Name == VPN_Huntgroup, Auth-Type:=ntlm_auth, Ldap-Group == "VPN_Users"
it should work?
No.
I think even with the Auth-Type specified as ntm_auth, a Auth-Type is being set, as it's finding MSCHAP for me:
Because the NAS is sending MS-CHAP requests.
from my server config, that stops it from being found, but then I lose the password for ntlm_auth I think:
Because you've forced the "ntlm_auth" module to be run. That module ONLY checks clear-text passwords, and there is NO clear-text password in the request. Change the line having ... Auth-Type := ntlm_auth, ... to ... Auth-Type = ntlm_auth, ... And read "man users" to see what the difference is. Alan DeKok.