multiple peap authentication source?

tbsky at tbsky at
Fri Jul 22 05:54:21 CEST 2005

   thanks for ur reply.
   let me describe my need and plan.
   i want to use freeradius as our wireless authenticator.
   client is windows xp and using wpa + eap-peap-mschapv2.
   wireless AP is configure to ask freeradius server.

   all employee in our company has windows domain account,
   so i want freeradius to ask windows for these guys via "ntlm_auth".

   guests didn't have windows domain account, so i want to create
   guest account in the "users" file, since it's a plain text file, i can
   easily write a web front-end to maintain that file.

   if freeradius can use both "ntlm_auth" and "users" file to authticate
   users, then everything is streight-forward.

   maybe there are some trinks can do what i want?
   thanks for ur help!!

Best Regareds,

> tbsky at wrote:
>>      sorry i didn't clearify my question. mix the source means if
>> windows wireless client enter a peap username and password,
>> freeradius would first check windows domain via "ntlm_auth" program,
>> if that fails, check the "users" file. any of them suceess, freeradius
>> would give Access-accept.
>   The "ntlm_auth" program runs in the "authenticate" section, and the
> "users" file runs before that, in the "authorize" section.
>   What you want to do is impossible in the current implementation.
>   Can you describe what you want to do, WITHOUT getting into
> implementation details?  There may be other ways of acheiving your
> goal, which you're not seeing.  If all you talk about is
> implementation, we have no way of helping you find those other
> solutions.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list