Different Auth Methods based on client entries with ntlm_auth

Alan DeKok aland at deployingradius.com
Fri May 27 14:40:18 CEST 2011


O'Neil, Donald A. wrote:
> I've followed the instructions on
> http://deployingradius.com/documents/configuration/active_directory.html and
> it works great for one group when I add the option
> --require-membership-of=SomeGroup but I need a way to figure out how to
> specify that group name, perhaps based on the nastype, or some other
> variable I can set in the client configuration.

  Put the group name into a temporary variable (Tmp-String-0), and then
edit the ntlm_auth line in raddb/modules/mschap:

	ntlm_auth = ".... --require-membership-of=%{Tmp-String-0}"

  That will be dynamically expanded at run time.

  Alan DeKok.



More information about the Freeradius-Users mailing list