how to configure Cisco vpn clients againts freeradius

Jevos, Peter Peter.Jevos at
Wed Jul 14 17:40:46 CEST 2010

Jevos, Peter wrote:
> user   Auth-Type := ntlm_auth
>         Service-Type = NAS-Prompt-User,
>         cisco-avpair = "shell:priv-lvl=15"
> And I added this lines into users file:
> DEFAULT         Huntgroup-Name == "vpn"
>                 Auth-Type := ntlm_auth2

  What is "Auth-Type" on the first line for "user", and on the second
for "DEFAULT"?

  See "man users"

  Run the server in debugging mode.  It WILL complain about the
"Auth-Type" being on the second line.

  Alan DeKok.
HI alan

Thank you for your answer, but I don't understand

I took it from the mailing list:

I'd like to authenticate all cisco vpn clients that match the proper
domain name and password. I already have the ntlm_auth command, but I
don't know how should look like the Users file

My ntlm_auth is:
ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:}
--require-membership-of='SOMEDOMAIN+domain users'"

I'm using ntlm_auth2 because ntlm_auth is already used ( for the router
access )



More information about the Freeradius-Users mailing list