how to configure Cisco vpn clients againts freeradius
Jevos, Peter
Peter.Jevos at oriflame.com
Fri Jul 16 14:19:44 CEST 2010
> ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key
> --domain=%{%{mschap:NT-Domain}:} --username=%{mschap:User-Name}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00} --require-membership-of=
> S-1-5-21-853024553-185696384-3473746203-512"
Err... no. That won't work.
> But the vpn cisco clients are authenticated through
domainname\username
> and password
Then you don't need to edit the mschap configuration.
>
> Is this ntlm_auth2 in the mschap ok ? or should I remove
> --domain=%{%{mschap:NT-Domain}:} ?
Delete the "ntlm_auth2" line from the mschap config. It does nothing.
> I also changed users to :
>
> DEFAULT Auth-Type := ntlm_auth2,Huntgroup-Name == "vpn"
That should work.
Alan DeKok.
Hello Alan,
One more question . Why shoud I delete the ntlm_auth2 line from the
mschap file ?
I thought that it is necessary. I have ntlm_auth file and ntlm_auth2
file 9 with the diferrent commands ), but only one cpmmand ntlm_auth in
the mschap file
What is the connection between command in the modules/ntlm_authx file,
and the command ntlm_auth in the mschap.
Thanks
pet
More information about the Freeradius-Users
mailing list