force/require @domain/part

lejeczek peljasz at yahoo.co.uk
Tue Jun 21 15:43:13 CEST 2016


hi users,

I'm hoping this is possible, having pretty vanilla mschap & 
pap(ntlm) to tweak radius so it - for eap & pap (basically 
AD) - would fail if there is no @domain part in the request.

Like when AD domain is @private.dom.my / PRIVATE and radius 
will absolutely need this. At the moment having configs 
constructed of bits from wikis/howtos, both: 
"me at private.dom.my" and "me" get authenticated.

how to tweak?

many thanks,

L




More information about the Freeradius-Users mailing list