ntlm_auth and AD authentication

Alan DeKok aland at deployingradius.com
Mon Nov 23 20:49:22 CET 2009


Gary Gatten wrote:
> I'm sorta struggling with the same thing, a la a single "NAS" (Cisco
> switch) requiring multiple auth types: 1.) VTY / enable access from
> NetEng group (in AD), 2.) 802.1x auth for everyone!  Similar with VPN
> appliance, VTY's AND IPSec auths.  The request type will differ for each
> type of requests, so it's "simply" a matter of uniquely identifying each
> type of request and performing the conditional processing.  Easy right?

  Yes.

 a) write down what is in the request, and how you differentiate one
type of request from another

 b) write down what replies you want to give for each type of request

 c) implement (a) and (b).


  People usually get stuck at (a).  They want to treat "different"
things "differently".   But they don't know what "different" means.

  It's usually blindingly obvious: requests for MAC auth have
username/password the same... and containing the MAC.  EAP requests have
EAP-Message.   ADSL requests come from a specific set of NASes.

  Alan DeKok.
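
An added example, not part of the original post: step (a) written as a Python classifier over decoded request attributes, using the three distinguishing features named in the reply. The ADSL NAS range, the Calling-Station-Id cross-check, the returned labels and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the NASes that carry ADSL sessions (documentation address range).
ADSL_NAS_NETS = [ipaddress.ip_network("192.0.2.0/28")]

def norm_mac(value):
    """Return 12 lowercase hex digits if value looks like a MAC, else None."""
    digits = re.sub(r"[-:.]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def classify(req):
    """Name the request type from attributes that are actually in the packet."""
    # EAP: the request carries an EAP-Message attribute.
    if "EAP-Message" in req:
        return "eap"
    # MAC auth: User-Name and User-Password are the same string, and it is a MAC.
    user, password = req.get("User-Name"), req.get("User-Password")
    mac = norm_mac(user)
    if mac and user == password:
        # Assumed extra check: if the NAS reports the station's MAC, it must
        # match, so a MAC typed in as credentials elsewhere is not MAC auth.
        station = req.get("Calling-Station-Id")
        if station is None or norm_mac(station) == mac:
            return "mac-auth"
        return "unknown"
    # ADSL: the request comes from one of a specific set of NASes.
    nas = req.get("NAS-IP-Address")
    if nas and any(ipaddress.ip_address(nas) in net for net in ADSL_NAS_NETS):
        return "adsl"
    return "unknown"

# Constructed sample requests (attribute name -> value), one per case.
SAMPLES = {
    "dot1x": {"User-Name": "alice", "EAP-Message": b"\x02\x00\x00\x05\x01",
              "NAS-IP-Address": "198.51.100.7"},
    "printer": {"User-Name": "001122aabbcc", "User-Password": "001122aabbcc",
                "Calling-Station-Id": "00-11-22-AA-BB-CC",
                "NAS-IP-Address": "198.51.100.7"},
    "spoofed": {"User-Name": "001122aabbcc", "User-Password": "001122aabbcc",
                "Calling-Station-Id": "00-11-22-AA-BB-DD",
                "NAS-IP-Address": "198.51.100.7"},
    "dsl": {"User-Name": "bob@example.net", "User-Password": "constructed",
            "NAS-IP-Address": "192.0.2.5"},
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(f"{name:8} -> {classify(request)}")
```

The order of the checks is part of the written-down answer to (a): the first rule that matches wins, so the most specific attribute test comes first.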


