Exec and ntlm_auth
freeradius at corwyn.net
Thu Nov 26 00:38:22 CET 2009
At 06:24 PM 11/25/2009, you wrote:
>Configure AD as ldap server in ldap module (.raddb/modules/ldap).
>Then add to users file:
>
>DEFAULT Ldap-Group == "max_priv_level" or whatever is your group called
> Service-Type = NAS-Prompt-User,
> cisco-avpair = "shell:priv-lvl=15"
Excellent. Thank you.
Rick
PS Noticed earlier that if I put a space in front of DEFAULT the
behaviour changes. Quirky.
PPS I noticed in the guide for radiusd.conf it suggests:
exec ntlm_auth {
        wait = yes
        program = "/path/to/ntlm_auth ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}
yet I think it should be (an extra ntlm_auth?)
exec ntlm_auth {
        wait = yes
        program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}