how to configure Cisco vpn clients againts freeradius

Jevos, Peter Peter.Jevos at
Thu Jul 15 18:14:05 CEST 2010

  Err... no.  That won't work.

> But the vpn cisco clients are authenticated through
> and password

  Then you don't need to edit the mschap configuration.

> Is this ntlm_auth2 in the mschap ok ? or should I remove
> --domain=%{%{mschap:NT-Domain}:} ?

  Delete the "ntlm_auth2" line from the mschap config.  It does nothing.

> I also changed users to :
> DEFAULT          Auth-Type := ntlm_auth2,Huntgroup-Name == "vpn"

  That should work.

  Dear Alan

Yest , it'working, but I had to change the users file, cause it falled
down always into ntlm_auth2, when I wante to authenticate with my
Now it looks like:

DEFAULT         Auth-Type := ntlm_auth2,Huntgroup-Name == "vpn"
                Fall-Through = Yes

username   Auth-Type := ntlm_auth
           Service-Type = NAS-Prompt-User,
           cisco-avpair = "shell:priv-lvl=15"

And this works, but only with one domain. I need to check how it works
with more domains

BY for now thanks a lot, I will let you know


More information about the Freeradius-Users mailing list