multiple peap authentication source?

tbsky at annsky.us tbsky at annsky.us
Fri Jul 22 02:56:09 CEST 2005


> tbsky at annsky.us wrote:
>>      i use eap-peap-mschapv2, and it was success.
>>      i can authenticate users via "users" file and i can
>>      authenticate users via winbind+windows 2000 ad server.
>>      the next step i want to do is mix  both "users" and
>>      "windows 2000 ad" as authentication source, but i don't know
>>      how to do it.
>
>   What do you mean "mix" the two?

     sorry i didn't clearify my question. mix the source means if
windows wireless client enter a peap username and password,
freeradius would first check windows domain via "ntlm_auth" program,
if that fails, check the "users" file. any of them suceess, freeradius
would give Access-accept.

>
>>      i try to create two "mschap" modules, "mschap-1" and "mschap-2".
>> but
>> i found that the "mschapv2"  module internally look at the
>>     module named "mschap", so the two modules  i create are useless.
>
>   You're also not saying *why* you created two modules, or how
> creating two modules would help.

      sorry again. i create two modules because i want to create a
"redudant module" like the "sql1" and "sql2" example in freeradius
"configurable_failover" document. but i found that i can not tell
"mschapv2" module to use them, since "mschapv2" want only "mschap"
internally.
      in my first thought, i create two "mschap" modules.
      mschap-1  use "ntlm_auth" to authenticate user.
      mschap-2 use "users" file to authenticate user.
      now if i can tell freeradius "mschapv2" to use the
     "mschap-1" and "mschap-2"  as failover redudant,
     then i can solve my problem.
      but i don't know how to do.
      thanks a lot for ur help!!!

Best Regards,
sky_li







More information about the Freeradius-Users mailing list