AD Auth Question
Alan Buxey
alan.buxey at gmail.com
Sat Dec 30 19:19:07 CET 2017
fairly easily done - and quite common - had different requirements
when, for example, we migrated from one domain to another.
you dont want the exec ntlm_auth thing - thats a diversion, you just
use the mschap module (and configure the ntlm line in that- you want
to use unlang
and then in the authorise section of the inner-tunnel, call different
mschap modules eg
pseudo-code: (untested, quickly typed)
if (%{User-Name} ~= "@domain.com$"){
mschap-one
}
if (%{User-Name} ~= "@other.domain.com$"){
mschap-two
}
but right now you just send (proxy) all this to NPS? your aim is to
move the authentication to the FR system?
alan
More information about the Freeradius-Users
mailing list