Using AD and SQL to authenticate Wi-Fi users
Hi guys, I've been using FR (3.0.4) to authenticate Wi-Fi users against Active Directory and it is working fine. But now I need to check users in SQL database too, like this: SSID1 -> check for users in AD SSID2 -> check for users in SQL database I've managed to get it working, but only if the other authentication method is disabled. Only one would work at a time. To get SQL working, I've either commented the ntlm_auth from mods-enabled/mschap or added the following to the authorize section in sites-enabled/inner-tunnel: ... update control { MS-CHAP-Use-NTLM-Auth := No } mschap ... Removing the above and/or uncommenting the ntlm_auth line, users from AD are authenticated successfully but SQL users are not. I wanted to use unlang to check if the request came from a specific Called-Station-Id, but the inner-tunnel doesn't bring this information and always return false. Is there some check I can use to know where the request came from? Thank you!
copy_request_to_tunnel = yes and all attributes available in default server are available in inner-tunnel server too but I think it's deprecated 2015-06-18 19:34 GMT+02:00 Bruno de Paula Larini <bruno.larini@riosoft.com.br>:
Hi guys, I've been using FR (3.0.4) to authenticate Wi-Fi users against Active Directory and it is working fine. But now I need to check users in SQL database too, like this:
SSID1 -> check for users in AD SSID2 -> check for users in SQL database
I've managed to get it working, but only if the other authentication method is disabled. Only one would work at a time. To get SQL working, I've either commented the ntlm_auth from mods-enabled/mschap or added the following to the authorize section in sites-enabled/inner-tunnel:
... update control { MS-CHAP-Use-NTLM-Auth := No } mschap ...
Removing the above and/or uncommenting the ntlm_auth line, users from AD are authenticated successfully but SQL users are not.
I wanted to use unlang to check if the request came from a specific Called-Station-Id, but the inner-tunnel doesn't bring this information and always return false.
Is there some check I can use to know where the request came from?
Thank you!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 18 Jun 2015, at 14:27, Ben Humpert <ben@an3k.de> wrote:
copy_request_to_tunnel = yes and all attributes available in default server are available in inner-tunnel server too but I think it's deprecated
Theoretically, yes, because you can do this in the inner server: update { &request: += &outer.request[*] } Officially no... -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
participants (3)
-
Arran Cudbard-Bell -
Ben Humpert -
Bruno de Paula Larini