PEAP/MSCHAPv2 - Host Account Authentication Only
alan buxey
A.L.M.Buxey at lboro.ac.uk
Thu Apr 26 00:58:06 CEST 2012
hi,
Matthew, I would say the check is a little sparse....and assumes
nothing else is in play...such as realms/proxying.... for what if
my username was
host\user at other.realm.com
its quite likely that this user would get proxied back to their
home site.....hence better to ensure the regex pattern is a bit tighter.
ah, joys of policies.
oh. actually, yes, you should ignore that i said add it to authorize..
what you SHOULD do is add the check to policy.conf and then call that
policy name in authorize. ah, thats better, can sleep now! ;-)
alan
More information about the Freeradius-Users
mailing list