how to configure Cisco vpn clients againts freeradius
Peter.Jevos at oriflame.com
Thu Jul 15 12:51:19 CEST 2010
Jevos, Peter wrote:
> Thank you for your answer, but I don't understand
The documentation && debug mode is clear. Do you have a *specific*
> I took it from the mailing list:
I see. You'll believe some random post on the list, but not the
documentation, debug mode, or the main author?
> I'd like to authenticate all cisco vpn clients that match the proper
> domain name and password. I already have the ntlm_auth command, but I
> don't know how should look like the Users file
You were told what the "users" file should look like. The "Auth-Type"
text goes on the FIRST line of the entry. See "man users", and the
examples in the default "users" file. NONE of the examples in the
default "users" file have "Auth-Type" on the second line of an entry.
Dear Alan, thank you for your answer
Actually debug says : Unknown value ntlm_auth2 for attribute Auth-Type
I've changed it as you adviced and I put the Auth-Type on the first
place. However in the man page there is no example how to use Auth-Type
and HUntgorup together.
So my config is:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key
And the user file is:
user Auth-Type := ntlm_auth
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=15"
DEFAULT Auth-Type := ntlm_auth2
Huntgroup-Name == "vpn"
Of course, I would prefer direct post how it should looks like, cause
the documentation has lack of examples and the only source is examples
from mailing list.
Please, does anybody has example how to combine two ntlm_auth ?
Thanks a lot
More information about the Freeradius-Users