ntlm_auth and AD authentication
freeradius at corwyn.net
Mon Nov 23 21:05:18 CET 2009
At 02:33 PM 11/23/2009, Paul Ryszka wrote:
>On Mon, 2009-11-23 at 13:35 -0500, freeradius at corwyn.net wrote:
> > Am I going to have to do something like create different modules
> > (ntlm_auth and ntlm_auth2) radiusd.conf in the module section?
>
>You need to create two separate entries in modules having two mschap
>entries .. something like:
>mschap mschap_group1 {
> ...
> ntlm_auth = "your first ntlm_auth command"
>}
>mschap mschap_group2 {
> ...
> ntlm_auth = "your second ntlm_auth command"
>}
>and then have the respective mschaps used in the respective virtual
>servers for each client.
I currently have (working)
exec ntlm_auth {
    wait = yes
    program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=int.invtitle.com --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=int.example.com+VPN_Users"
}
so I'm not sure how that relates to mschap groups? I don't currently
have a mschap group at all in the radiusd.conf file.
Would I just create
exec ntlm_auth_2 {
    wait = yes
    program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=int.invtitle.com --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=int.example.com+Cisco_Users"
}
And how do I control which group is used for auth from a specific client?
Rick
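
The per-client virtual servers suggested in the quoted reply, applied to the two exec instances posted above, as an added example that is not part of the original message or of the FreeRADIUS project's shipped configuration. It assumes FreeRADIUS 2.x syntax; the client names, addresses, secrets and virtual-server names are constructed placeholders.

```conf
# clients.conf: each NAS is bound to its own virtual server.
# Names, addresses and secrets below are constructed placeholders.
client vpn_gateway {
    ipaddr = 192.0.2.10
    secret = REPLACE_WITH_SHARED_SECRET
    virtual_server = vpn_users
}

client cisco_device {
    ipaddr = 192.0.2.20
    secret = REPLACE_WITH_SHARED_SECRET
    virtual_server = cisco_users
}

# sites-enabled/vpn_users (hypothetical file name)
server vpn_users {
    authorize {
        preprocess
        # No local password to compare: hand the request to the exec instance.
        update control {
            Auth-Type := ntlm_auth
        }
    }
    authenticate {
        Auth-Type ntlm_auth {
            ntlm_auth        # instance that requires VPN_Users
        }
    }
}

# sites-enabled/cisco_users (hypothetical file name)
server cisco_users {
    authorize {
        preprocess
        update control {
            Auth-Type := ntlm_auth_2
        }
    }
    authenticate {
        Auth-Type ntlm_auth_2 {
            ntlm_auth_2      # instance that requires Cisco_Users
        }
    }
}
```

Both exec instances pass %{User-Password} as a command-line argument, so the cleartext password appears in the local process list while ntlm_auth runs.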