I'm setting up a Radius environment which covers several physical sites.
Usernames and passwords come from an Active Directory server via ntlm_auth.
Each site has a group in the NT domain. So, it would be nice to have
multiple auth-types for each area.
For clarification, I've tested my server without the Autz-type arguments
(ie, only using the one mschap instance), and everything works fine.
Everything also works great if I declare multiple instances of mschap, and
just have the radius server search through them in order - however, this
seems to be a rather inefficient way of doing things.
The debug output of radiusd indicates that my modules are being loaded, but
when the client authenticates, it's not done so against an auth-type.
Any thoughts as to why this is not working?
Here are the relevant portions of my config files:
# radiusd.conf:
.
.
.
modules {
.
.
.
mschap group1 {
authtype = group1
...some config stuff...
}
mschap group2 {
authtype = group2
...some config stuff...
}
}
.
.
.
authorize {
preprocess
files
Autz-Type group1 {
group1
}
Autz-Type group2 {
group2 {
}
eap
}
authenticate {
Auth-Type group1 {
group1
}
Auth-Type group2 {
group2 {
}
eap
}
.
.
.
# users
DEFAULT Called-Station-Id == "00-11-22-33-44-55-66",Autz-Type := group1
DEFAULT Autz-Type = group2