redundant-load-balance for AD ntlmauth
FreeRadius List
maillist-freeradius at iamafreeman.com
Mon Apr 29 14:31:50 CEST 2013
Hello
I use redundant-load-balance for ldap user auth to authenticate users to a
pool of active directory servers for one service. That seems to work well.
I'm trying to think why I don't do that for ntlmauth (used inside mschap
inner-tunnel) for another service.
I've knocked that up to test it with mschap modules like (with N being
1,2,3,4,5)
    mschap mschapadN {
        with_ntdomain_hack = yes
        ntlm_auth = "/usr/local/bin/mschap-ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --configfile=/etc/samba/smb-adN.conf"
    }
where /etc/samba/smb-adN.conf is the same as the others except for
"password server = adN.domain"
and then in the inner-tunnel site I have
    authenticate {
        Auth-Type MS-CHAP {
            redundant-load-balance {
                mschapad1
                mschapad2
                ..
                mschapadN
            }
        }
    }
Is this along the lines that others follow? If not, how does ntlmauth
handle the AD server being down? Does ntlmauth/winbind handle AD being
down so freeradius does not have to?
Thanks,
Neil
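
The post describes N mschap instances whose smb-adN.conf files differ only in the "password server" line. As an added example (not part of the original post), this script renders the per-server files and module instances from one template and checks existing copies for drift. The output file names and the workgroup/security values are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Output file names are assumptions.

# smb-adN.conf body for server number $1. Only "password server" comes from
# the post; the other settings are constructed placeholders.
render_smb_conf() {
    cat <<EOF
[global]
    workgroup = EXAMPLE
    security = ads
    password server = ad$1.domain
EOF
}

# mschap module instance for server number $1, settings as quoted in the post.
render_mschap() {
    cat <<EOF
mschap mschapad$1 {
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/local/bin/mschap-ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --configfile=/etc/samba/smb-ad$1.conf"
}
EOF
}

# Write smb-ad1..N.conf, the module instances and the authenticate block
# for $1 servers into directory $2.
generate() {
    mkdir -p "$2" || return 1
    : > "$2/mschap-instances"
    printf 'authenticate {\n    Auth-Type MS-CHAP {\n        redundant-load-balance {\n' > "$2/authenticate"
    i=1
    while [ "$i" -le "$1" ]; do
        render_smb_conf "$i" > "$2/smb-ad$i.conf"
        render_mschap "$i" >> "$2/mschap-instances"
        printf '            mschapad%s\n' "$i" >> "$2/authenticate"
        i=$((i + 1))
    done
    printf '        }\n    }\n}\n' >> "$2/authenticate"
}

# Return 0 only if smb-ad2..N.conf in directory $2 match smb-ad1.conf on
# every line except "password server".
check_drift() {
    i=2
    while [ "$i" -le "$1" ]; do
        grep -v 'password server' "$2/smb-ad$i.conf" > "$2/.cmp" || return 1
        grep -v 'password server' "$2/smb-ad1.conf" | cmp -s - "$2/.cmp" || return 1
        i=$((i + 1))
    done
    rm -f "$2/.cmp"
}
```

Running `check_drift` against the live copies before a reload catches a setting changed in one smb-adN.conf but not the others.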