Post Auth and Logging Multiple MSCHAP modules

Arnab Roy arnabroy at
Mon Jun 5 17:13:57 CEST 2017

   I should have mentioned I tried this and the problem seems to be

   mschap-a ---> This guy always returns noop ?
   if (ok) {
   update request {
   Realm := "mschap-a"

   I might have inadvertently introduced this as we are not directly
   calling ntlm_auth instead it goes to a shell script which does some
   checking on ldap and tries to figure out if the user has put in a UPN
   or SAMAccountName.

   I am passing the return code from NTLM-auth as a return code for the
   bash script should this has have an impact on this ?

   What is the expected return code for sucessful auth 0/1 ?

   Many Thanks

   Sent: Monday, June 05, 2017 at 4:02 PM
   From: "Alan DeKok" <aland at>
   To: "FreeRadius users mailing list"
   <freeradius-users at>
   Subject: Re: Post Auth and Logging Multiple MSCHAP modules
   > On Jun 5, 2017, at 10:56 AM, Arnab Roy <arnabroy at> wrote:
   > Thanks Alan, that would be my preference as well. Unfortunately we
   > get some users who do not put in domain prefix/suffix...
   > So basically there isnt a way we can find out in that case ?
   Reject them if they don't use the proper domain.
   Or, use "unlang" to set the domain after they've successfully
   if (ok) {
   update request {
   Realm := "mschap-a"
   And then use that in the post-auth section.
   Alan DeKok.
   List info/subscribe/unsubscribe? See



More information about the Freeradius-Users mailing list