how to configure Cisco vpn clients againts freeradius

Alan DeKok aland at
Thu Jul 15 14:21:53 CEST 2010

Jevos, Peter wrote:
> Actually debug says : Unknown value ntlm_auth2 for attribute Auth-Type

  Which means you didn't list "ntlm_auth2" in the "authenticate" section.

> I've changed it as you adviced and I put the Auth-Type on the first
> place. However in the man page there is no example how to use Auth-Type
> and HUntgorup together.

  No.  There's no documentation on how to use Filter-Id and User-Name
together, either.  Documenting all possible combinations of all
attributes would require thousands of pages of text.

  Instead, the *concepts* are documented, and it is expected that people
understand, and apply those concepts.

> DEFAULT          Auth-Type := ntlm_auth2
>                  Huntgroup-Name == "vpn"

  Were you told to move the "Huntrgoup-Name" line?


  So why did you move it?

> Of course, I would prefer direct post how it should looks like, cause
> the documentation has lack of examples and the only source is examples
> from mailing list.

  No.  It doesn't help anyone to give you the exact solution.  Doing
that would mean that you don't need to think for yourself.

> Please,  does anybody has example how to combine two ntlm_auth ?

  Configure ntlm_auth.  Then, duplicate & edit the configuration,
including all refefences to ntlm_auth, for the "ntlm_auth2" module.

  Alan DeKok.

More information about the Freeradius-Users mailing list