Post Auth and Logging Multiple MSCHAP modules

Arnab Roy arnabroy at mail.com
Mon Jun 5 17:13:57 CEST 2017


   I should have mentioned I tried this and the problem seems to be

   mschap-a ---> This guy always returns noop ?
   if (ok) {
   update request {
   Realm := "mschap-a"
   }
   }

   I might have inadvertently introduced this as we are not directly
   calling ntlm_auth instead it goes to a shell script which does some
   checking on ldap and tries to figure out if the user has put in a UPN
   or SAMAccountName.

   I am passing the return code from NTLM-auth as a return code for the
   bash script should this has have an impact on this ?

   What is the expected return code for sucessful auth 0/1 ?

   Many Thanks
   Arnab


   Sent: Monday, June 05, 2017 at 4:02 PM
   From: "Alan DeKok" <aland at deployingradius.com>
   To: "FreeRadius users mailing list"
   <freeradius-users at lists.freeradius.org>
   Subject: Re: Post Auth and Logging Multiple MSCHAP modules
   > On Jun 5, 2017, at 10:56 AM, Arnab Roy <arnabroy at mail.com> wrote:
   >
   > Thanks Alan, that would be my preference as well. Unfortunately we
   can
   > get some users who do not put in domain prefix/suffix...
   >
   > So basically there isnt a way we can find out in that case ?
   Reject them if they don't use the proper domain.
   Or, use "unlang" to set the domain after they've successfully
   authenticated:
   mschap-a
   if (ok) {
   update request {
   Realm := "mschap-a"
   }
   }
   And then use that in the post-auth section.
   Alan DeKok.
   -
   List info/subscribe/unsubscribe? See
   [1]http://www.freeradius.org/list/users.html

References

   1. http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list