Post Auth and Logging Multiple MSCHAP modules
Alan DeKok
aland at deployingradius.com
Mon Jun 5 16:45:55 CEST 2017
On Jun 5, 2017, at 10:16 AM, Arnab Roy <arnabroy at mail.com> wrote:
> I have multiple MSCHAP definitions in my setup each pointing to
> different ad domains and all is working well. The authenticate section
> is defined as such
>
> Auth-Type MS-CHAP {
> mschap-a {
> reject
> =2
> }
> if(reject) {
>
> mschap-b
>
> reject=2
> }
> }
You *should* be deciding what domain to use up front, and then selecting the appropriate MS-CHAP module based on that. That way, the "mschap-a" module doesn't get overloaded with requests which really should be for "mschap-b"
>
> Now I am trying to check in post auth if user authenticated via
> mschap-a go to VLAN A(vsa) else goto VLAN B(vsa). What I cant figure
> out is how do I reference these in the post auth block as if I try
> looking for return code from the modules
You decide which domain it is at the start, and use that to do VLAN assignment.
> Also I need to log in linelog which mschap module authenticated the
> user ?
You decide which domain it is at the start, and use that in the logs.
Alan DeKok.
More information about the Freeradius-Users
mailing list