separating Users?
Alan DeKok
aland at deployingradius.com
Tue Dec 1 08:39:24 CET 2009
freeradius at corwyn.net wrote:
> so if ./users:
> DEFAULT Huntgroup-Name == Cisco_Huntgroup, Auth-Type:=ntlm_auth,
> Ldap-Group == "Infrastructure"
>
> Service-Type:=NAS-Prompt-User,cisco-avpair:="shell:priv-lvl=15",
> DEFAULT Huntgroup-Name == VPN_Huntgroup, Auth-Type:=ntlm_auth,
> Ldap-Group == "VPN_Users"
>
> it should work?
No.
> I think even with the Auth-Type specified as ntlm_auth,
> an Auth-Type is being set, as it's finding MSCHAP for me:
Because the NAS is sending MS-CHAP requests.
> from my server config, that stops it from being found, but then I lose
> the password for ntlm_auth I think:
Because you've forced the "ntlm_auth" module to be run. That module
ONLY checks clear-text passwords, and there is NO clear-text password in
the request.
Change the line having
... Auth-Type := ntlm_auth, ...
to
... Auth-Type = ntlm_auth, ...
And read "man users" to see what the difference is.
Alan DeKok.
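
An added illustration, not part of the original message and not FreeRADIUS code: a simplified Python model of the ":=" and "=" behaviour documented in "man users", showing why the forced Auth-Type breaks MS-CHAP requests. It assumes the mschap module runs in authorize before the users file is read; the function names and sample requests are constructed for the example.

```python
# Simplified model of "man users" operator semantics for a server
# configuration attribute (Auth-Type). Not FreeRADIUS source code.
# Assumption: mschap is listed before files in the authorize section.

# Constructed sample requests; attribute values are placeholders.
MSCHAP_REQUEST = {"User-Name": "alice", "MS-CHAP-Challenge": "0x00",
                  "MS-CHAP2-Response": "0x00"}
PAP_REQUEST = {"User-Name": "alice", "User-Password": "example"}


def apply_item(control, attr, op, value):
    """Apply one item from a matched users entry to the control list."""
    if op == ":=":
        control[attr] = value            # replaces any existing value
    elif op == "=":
        control.setdefault(attr, value)  # set only if none exists yet
    else:
        raise ValueError("operator not modelled: " + op)


def authorize(request, op):
    """Return the Auth-Type left in the control list after authorize."""
    control = {}
    if "MS-CHAP-Challenge" in request:   # mschap claims MS-CHAP requests
        control["Auth-Type"] = "MS-CHAP"
    apply_item(control, "Auth-Type", op, "ntlm_auth")  # matched DEFAULT
    return control["Auth-Type"]


def can_check_password(auth_type, request):
    """ntlm_auth needs a clear-text password; MS-CHAP needs its own attrs."""
    if auth_type == "ntlm_auth":
        return "User-Password" in request
    if auth_type == "MS-CHAP":
        return "MS-CHAP-Challenge" in request
    return False


if __name__ == "__main__":
    for name, req in (("MS-CHAP", MSCHAP_REQUEST), ("PAP", PAP_REQUEST)):
        for op in (":=", "="):
            chosen = authorize(req, op)
            print(name, op, chosen, can_check_password(chosen, req))
```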