how to configure Cisco vpn clients against freeradius
Jevos, Peter
Peter.Jevos at oriflame.com
Thu Jul 15 16:26:57 CEST 2010
Dear Alan, thank you, I'm moving slowly forward :)
So now, I have created a second ntlm_auth2 file in the modules directory,
with this command:
exec ntlm_auth2 {
    wait = yes
    program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=S-1-5-21-853024553-185696384-3473746203-512"
}
I also added a new authentication method ntlm_auth2 into
sites-available/inner-tunnel and default.
I tested with "radtest USER PASSWORD localhost 0 testing123" and the
test passed :)
So I have created another line in the modules/mschap that looks like:
    ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key --domain=%{%{mschap:NT-Domain}:} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of=S-1-5-21-853024553-185696384-3473746203-512"
But the vpn cisco clients are authenticated through domainname\username
and password.
Is this ntlm_auth2 in the mschap OK? Or should I remove
--domain=%{%{mschap:NT-Domain}:}?
I also changed users to:
DEFAULT Auth-Type := ntlm_auth2, Huntgroup-Name == "vpn"
Thanks
pet