Using AD and SQL to authenticate Wi-Fi users

Ben Humpert ben at an3k.de
Thu Jun 18 20:27:20 CEST 2015


copy_request_to_tunnel = yes
and all attributes available in default server are available in
inner-tunnel server too but I think it's deprecated

2015-06-18 19:34 GMT+02:00 Bruno de Paula Larini <bruno.larini at riosoft.com.br>:
> Hi guys,
> I've been using FR (3.0.4) to authenticate Wi-Fi users against Active
> Directory and it is working fine. But now I need to check users in SQL
> database too, like this:
>
>     SSID1 -> check for users in AD
>     SSID2 -> check for users in SQL database
>
> I've managed to get it working, but only if the other authentication method
> is disabled. Only one would work at a time.
> To get SQL working, I've either commented the ntlm_auth from
> mods-enabled/mschap or added the following to the authorize section in
> sites-enabled/inner-tunnel:
>
> ...
> update control {
>         MS-CHAP-Use-NTLM-Auth := No
> }
> mschap
> ...
>
> Removing the above and/or uncommenting the ntlm_auth line, users from AD are
> authenticated successfully but SQL users are not.
>
> I wanted to use unlang to check if the request came from a specific
> Called-Station-Id, but the inner-tunnel doesn't bring this information and
> always return false.
>
> Is there some check I can use to know where the request came from?
>
> Thank you!
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list