Help checking group membership with FreeRadius
Josh Hiner
josh at remc1.org
Mon Mar 23 16:22:22 CET 2009
Currently we have a radius server that performs authentication off our samba domain controller for wireless users. This works great. I would like to limit users so they must be a member of the wireless group in order to connect. Since the /etc/group file is on a different server I believe I cannot use the etc_group module. Also, in order to use that module the user must have a valid account on the radius server as well.
Any ideas on checking group membership? I use ntlm_auth in the mschap module for authentication in Freeradius ver 2.1.3-1.
Here is the string in the users file to limit to the wireless group (its all on one line, email may wrap it):
DEFAULT Called-Station-Id =~ "CCISD-REMC1", Group != "wireless", Auth-Type := Reject
here is my ntlm_auth line: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=ISD --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
thanks for any help =D
*** This Email was sent by a system administrator in REMC #1.
More information about the Freeradius-Users
mailing list