freeradius 3 ntlm_auth
Anderson Gomes
anderson at tvfronteira.com.br
Wed Sep 21 16:38:54 CEST 2016
Hello,
I have set up FreeRADIUS 3 on my CentOS 7 server and have so far succeeded
in authenticating users through Active Directory using ntlm_auth. However,
I'm having trouble implementing rules at the level of user groups to
determine which users can authenticate to each SSID. I tried to implement
what it says at the link below, but I did not succeed.
https://lists.freeradius.org/pipermail/freeradius-users/2014-August/073474.html
if (NAS-Port-Type == Wireless-802.11) {
    # If User-Name doesn't contain our domain then add it.
    # It's needed for the Group check to use the correct
    # username.
    if (User-Name !~ /DOMAIN\\\\/i) {
        update request {
            User-Name := "DOMAIN\\\\%{User-Name}"
        }
    }
    if (Called-Station-Id =~ /.*:SSID-A/i) {
        # Can't do 'if (Group != "xxxxx")' because !=
        # operator doesn't work for group checking. Careful
        # with the number of backslashes.
        if (!(Group == "DOMAIN\\\\group A") ) {
            update reply {
                Reply-Message = "User not allowed to join this wireless network"
            }
            reject
        }
    }
    elsif (Called-Station-Id =~ /.*:SSID-B/i) {
        if (!(Group == "DOMAIN\\\\group B") ) {
            update reply {
                Reply-Message = "User not allowed to join this wireless network"
            }
            reject
        }
    }
}