One virtual server for MS-chapv2 against AD w/ ntlm_auth, the other one against ldap ntpasswd hash possible?
schilling
schilling2006 at gmail.com
Tue Dec 14 21:14:34 CET 2010
Got the whole setup working. So basically if users sign on with
username at foo.edu with eap, they will be sent to ldap w/ ntpassword
authorization. If users sign on with username only with eap, they will
be sent to active directory w/ ntlm authentication.
configuration changes are the following:
etc/raddb/proxy.conf add
realm foo.edu {
}
realm NULL {
}
/etc/raddb/site-enabled/inner-tunnel at the ldap line in authorize section add
switch "%{Realm}" {
case foo.edu {
ldap
#see /etc/raddb/module/mschap if ntpassword available,
then do not use
#NTLM_auth
update control {
MS-CHAP-Use-NTLM-Auth := NO
}
case NULL {
mschap
}
}
etc/raddb/module/mschap, etc/raddb/module/ntlm are all from integrate
with Active Directory howto.
Thanks for the great software, and can not wait to see the finish of
the book. There are so many internals to be understood.
Schilling
On Wed, Dec 8, 2010 at 2:12 AM, Alan DeKok <aland at deployingradius.com> wrote:
> schilling wrote:
>> Just to be sure. Both user(username and username at foo.edu) will use
>> eap, mschapv2 to authenticate. But there is only one mschap module in
>> etc/raddb/modules/?
>
> So... configure another mschap module.
>
> See raddb/modules/files for examples of configuring two instances of
> the same module.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list