Upgrade to latest freeradius release
pcsd
pcsd at canoemail.com
Mon May 11 21:55:45 CEST 2009
Thanks Ivan.
The ntdomain_hack was already in place.
I have provided some of the config files.
--- modules/mschap ---
mschap {
with_ntdomain_hack = yes
}
------
--- proxy.conf ---
realm DUSAMBA1 {
type = radius
authhost = LOCAL
authtype = LOCAL
# ignore_null =yes
strip
}
realm LOCAL {
# If we do not specify a server pool, the realm is LOCAL, and
# requests are not proxied to it.
}
------
--- eap.conf ---
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = pass123
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24 # hours
max_entries = 255
}
}
ttls {
default_eap_type = md5
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
mschapv2 {
}
}
------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090511/9445cd23/attachment.html>
More information about the Freeradius-Users
mailing list