Post Auth and Logging Multiple MSCHAP modules
Arnab Roy
arnabroy at mail.com
Mon Jun 5 17:13:57 CEST 2017
I should have mentioned I tried this and the problem seems to be
mschap-a ---> This guy always returns noop ?
if (ok) {
update request {
Realm := "mschap-a"
}
}
I might have inadvertently introduced this as we are not directly
calling ntlm_auth instead it goes to a shell script which does some
checking on ldap and tries to figure out if the user has put in a UPN
or SAMAccountName.
I am passing the return code from NTLM-auth as a return code for the
bash script should this has have an impact on this ?
What is the expected return code for sucessful auth 0/1 ?
Many Thanks
Arnab
Sent: Monday, June 05, 2017 at 4:02 PM
From: "Alan DeKok" <aland at deployingradius.com>
To: "FreeRadius users mailing list"
<freeradius-users at lists.freeradius.org>
Subject: Re: Post Auth and Logging Multiple MSCHAP modules
> On Jun 5, 2017, at 10:56 AM, Arnab Roy <arnabroy at mail.com> wrote:
>
> Thanks Alan, that would be my preference as well. Unfortunately we
can
> get some users who do not put in domain prefix/suffix...
>
> So basically there isnt a way we can find out in that case ?
Reject them if they don't use the proper domain.
Or, use "unlang" to set the domain after they've successfully
authenticated:
mschap-a
if (ok) {
update request {
Realm := "mschap-a"
}
}
And then use that in the post-auth section.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
[1]http://www.freeradius.org/list/users.html
References
1. http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list