Accept both machine auth and user with domain auth
Trevor Jennings
Trevor at simple101.com
Mon Jun 27 21:21:17 CEST 2016
Hello,
Thanks guys for your help on this!! I configured 2 instances of mschap,
one for machine auth and the other for users and called the machine auth
one based on the user name containing 'host'.
Everything works well now :) And the virtual servers is a good idea!
Cheers,
- Trevor
On Mon, Jun 27, 2016 at 4:31 AM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > When I use the unlang condition to check for host in the User-Name, would
> > it go under 'sites-enabled/default' authenticate section?
>
> if thats the main virtual server that requests go through - then yes.
> would advise that you create your own virtual servers
> and have the relevant client definitions pointing to them - allowing you
> trivial isolation of different policies
> (eg for eduroam, put requests form national proxies straight through a
> minimal virtual server that starts with
> permit_only_eap and then just auths - with pap,mschap,etc etc all removed
> in the outer...and only the required
> EAP method in inner. no VLAN assign etc etc. then your internal
> virtual server (for host auth/user auth etc)
> can have all this stuff for internal requirements...
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list