Accept both machine auth and user with domain auth

Trevor Jennings Trevor at
Mon Jun 27 21:21:17 CEST 2016


 Thanks guys for your help on this!! I configured 2 instances of mschap,
one for machine auth and the other for users and called the machine auth
one based on the user name containing 'host'.

Everything works well now :)  And the virtual servers is a good idea!


 - Trevor

On Mon, Jun 27, 2016 at 4:31 AM, <A.L.M.Buxey at> wrote:

> Hi,
> > When I use the unlang condition to check for host in the User-Name, would
> > it go under 'sites-enabled/default' authenticate section?
> if thats the main virtual server that requests go through - then yes.
> would advise that you create your own virtual servers
> and have the relevant client definitions pointing to them - allowing you
> trivial isolation of different policies
> (eg for eduroam, put requests form national proxies straight through a
> minimal virtual server that starts with
> permit_only_eap and then just auths - with pap,mschap,etc etc all removed
> in the outer...and only the required
> EAP method in inner.  no VLAN assign etc etc.     then your internal
> virtual server (for host auth/user auth etc)
> can have all this stuff for internal requirements...
> alan
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list