PEAP and multiple domains

David Aldwinckle daldwinc at uwaterloo.ca
Mon Jul 16 17:12:37 CEST 2012


Hello,

I currently use PEAP and the mschap module to call ntlm_auth and authenticate against Active Directory. The FreeRadius server is currently joined to domain1.

It may come about in the near future that I need to query two different domains before failing a request. Unlang says I can do this:

redundant {
	mschap.domain1
	mschap.domain2
}

Where mschap.domain{1,2} are copies of the stock mschap module, with the new domain plugged in.  

Will this work? Do I need to change the Samba configuration?

In a quick test, with the server in domain1, I ran ntlm_auth and specified domain2, which failed to authenticate the user.

Thanks,
Dave A.




More information about the Freeradius-Users mailing list