Authentication via ntlm_auth with check the user group
Сергей Усов
usows at pomorsu.ru
Fri Dec 9 12:08:10 CET 2011
Here is an authentication request from the certificate:
rad_recv: Access-Request packet from host 192.168.213.210 port 1390,
id=8, length=224
Message-Authenticator = 0x6d9c4039c9d8b314ca0bb11bf518f5a0
Service-Type = Framed-User
User-Name = "rahs at pomorsu.ru"
Framed-MTU = 1488
Called-Station-Id = "00-17-9A-D1-44-39:localnet1"
Calling-Station-Id = "00-1F-3C-3D-DF-8C"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020800190175736f77735f61646d40706f6d6f7273752e7275
NAS-IP-Address = 192.168.213.210
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
There is a user name. It can not be used to check via LDAP?
> Сергей Усов wrote:
>
>> It's work for peap authentification, but if I use certificate
>> authentication, the module ldap do not work
>>
> Exactly. When certificate authentication is used, you are NOT doing
> username/password authentication. That's what certificate
> authentication is for. And the ldap module does username/password checks.
>
> So.. the two are not really compatible.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4108 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111209/acdffcfb/attachment.bin>
More information about the Freeradius-Users
mailing list