MSCHAP authentication against Active directory OR MySQL
Alan DeKok
aland at deployingradius.com
Thu Jun 12 15:59:14 CEST 2014
Krzysztof Grobelak wrote:
> On my freeRADIUS instance i am able to authenticate MSCHAP requests
> against Active Directory using the ntlm_auth module and Samba
> aditionally i can authenticate another group of WiMAX devices with
> MACHAP against MySQL database. But if I enable the config for WiMAX
> devices the are being authenticated aginst Active Directory and not
> the MySQL db. Now I would like to be able to configure the server so
> that both groups can be authenticated local users against Active
> Directory and the WiMAX devices against database.
That should be simple enough to do.
> Can you guys advice how i can make it happen? I suspect unlang will be
> needed to do this but if you could specify how exactly it would be
> awesome.
Well... reading the docs && debug logs should help a lot.
> would it be something along those lines??
>
> authorise{
> mschap{
No. That won't work.
> if("%{NAS-IP-Address}" == "1.1.1.1"){
There's no need to put everything in quotes.
> sql
> }
> else{
> ntlm_auth
> }
> }
> }
You should be able to just do this:
authorize {
...
if (NAS-IP-Address == 1.1.1.1) {
sql
update control {
MS-CHAP-Use-NTLM-Auth = No
}
}
...
}
And configure the "mschap" module, the "ntlm_auth" entry.
Alan DeKok.
More information about the Freeradius-Users
mailing list