Authentication via ntlm_auth with check the user group
Сергей Усов
usows at pomorsu.ru
Wed Dec 7 10:11:45 CET 2011
Hi,
I am trying to configure authentication via ntlm_auth to check the user group.
All authentication attempts are rejected.
The same configuration without checking groups works correctly.
policy.conf:
extract_ssid {
    if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i) {
        update request {
            Called-Station-SSID := "%{7}"
        }
        if (Called-Station-SSID == localnet1) {
            update request {
                AD-Group := WiFisec
            }
        }
        else {
            update request {
                AD-Group := WiFi-public
            }
        }
    }
    else {
        noop
    }
}
modules/mschap
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
--require-membership-of=POMORSU+%{AD-Group}"
sites-enabled/default
authorize {
preprocess
extract_ssid
freeradius 2.1.10+dfsg-2 debian squeeze
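
Added example (not part of the original post, and not FreeRADIUS code): a Python model of the posted extract_ssid policy, for checking offline which --require-membership-of value a given Called-Station-Id produces. The function names and sample values are constructed; it assumes Python's re handles this pattern the same way the server's regex engine does, and that an unset AD-Group expands to an empty string.

```python
import re

# Regex copied from the posted extract_ssid policy (unlang /.../i -> re.IGNORECASE).
CALLED_STATION_RE = re.compile(
    r"^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?"
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?",
    re.IGNORECASE,
)


def ad_group_for(called_station_id):
    """Return the AD-Group the posted policy would set, or None for the noop branch."""
    m = CALLED_STATION_RE.search(called_station_id)
    if m is None:
        return None              # else { noop }: AD-Group is never set
    ssid = m.group(7) or ""      # Called-Station-SSID := "%{7}"
    # Modelled as an exact, case-sensitive string comparison.
    return "WiFisec" if ssid == "localnet1" else "WiFi-public"


def membership_arg(called_station_id, domain="POMORSU"):
    """Build the --require-membership-of value the way the mschap line composes it."""
    group = ad_group_for(called_station_id)
    # Assumption: an unset attribute expands to an empty string in %{AD-Group}.
    return "--require-membership-of=%s+%s" % (domain, group or "")


# Constructed sample values, not taken from the original post.
SAMPLES = [
    "00-11-22-33-44-55:localnet1",        # expected SSID
    "00-11-22-33-44-55:LocalNet1",        # same SSID, different case
    "00-11-22-33-44-55:localnet1 guest",  # capture stops at the space
    "001122334455",                       # MAC only, no SSID suffix
    "not-a-mac",                          # regex does not match at all
]

if __name__ == "__main__":
    for value in SAMPLES:
        print("%-36r -> %s" % (value, membership_arg(value)))
```

Comparing this output with the ntlm_auth command line shown by radiusd -X for a rejected request shows whether the group name reaches ntlm_auth as intended.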