how to configure Cisco vpn clients againts freeradius
Jevos, Peter
Peter.Jevos at oriflame.com
Thu Jul 15 18:14:05 CEST 2010
Err... no. That won't work.
> But the vpn cisco clients are authenticated through
domainname\username
> and password
Then you don't need to edit the mschap configuration.
>
> Is this ntlm_auth2 in the mschap ok ? or should I remove
> --domain=%{%{mschap:NT-Domain}:} ?
Delete the "ntlm_auth2" line from the mschap config. It does nothing.
> I also changed users to :
>
> DEFAULT Auth-Type := ntlm_auth2,Huntgroup-Name == "vpn"
That should work.
Dear Alan
Yest , it'working, but I had to change the users file, cause it falled
down always into ntlm_auth2, when I wante to authenticate with my
username
Now it looks like:
DEFAULT Auth-Type := ntlm_auth2,Huntgroup-Name == "vpn"
Fall-Through = Yes
username Auth-Type := ntlm_auth
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=15"
And this works, but only with one domain. I need to check how it works
with more domains
BY for now thanks a lot, I will let you know
Pet
More information about the Freeradius-Users
mailing list