allowing multiple Auth-Type in authorize file
Niels Tomey
niels at ixs.ph
Sat Mar 23 15:28:19 CET 2019
Hi,

I’ve set up FreeRADIUS 3.0.17 quite some time ago to process SSH logins
based on LDAP/AD accounts (with group membership in post-auth) and this
works fine. I followed the guide on deployingradius.com
(http://deployingradius.com/documents/configuration/active_directory.html),
but haven’t implemented the mschap section as I didn’t need it at the time.

Now I am running into this need and I was trying to figure out why it
wasn’t working, only to discover that I left the

    DEFAULT Auth-Type = ntlm_auth

line in the mods-config/files/authorize file. As expected this breaks my
attempts to include mschap.

My problem is that this is the only non-commented line in the entire file,
so rather than just delete the line I need to enter some other information
here to prevent the

    ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

In the comments in the file it states that multiple DEFAULTs can be used
with Fall-Through so I tried this:

    DEFAULT Auth-Type = ntlm_auth
            Fall-Through = Yes
    DEFAULT Auth-Type = mschap

But this doesn’t work. What is the best approach for this? I would like to
avoid having to name my users here since they are in LDAP already and I
don’t know if a device will only authenticate using mschap or not (e.g. it
will be difficult to split this out in the clients.conf file).

My Google skills are letting me down on this, some pointers in the right
direction would be very much appreciated.

Regards,
Niels
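
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of how the two DEFAULT entries quoted above are walked in order, showing that the resulting Auth-Type is the same for every request whichever operator is used. The function names, the sample user name and the operator semantics modelled here ('=' sets a control attribute only when it is unset, ':=' always replaces it) are assumptions of this sketch.

```python
import re

# Constructed input: the two entries from the post, reply item indented.
POSTED = (
    "DEFAULT Auth-Type = ntlm_auth\n"
    "\tFall-Through = Yes\n"
    "DEFAULT Auth-Type = mschap\n"
)
ITEM = re.compile(r"([\w-]+)\s*(:=|=)\s*([\w-]+)")


def parse(text):
    """Return [name, check_items, reply_items] for each users-file entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and entries:      # indented line: reply items
            entries[-1][2].extend(ITEM.findall(line))
        else:                                 # "<name> <check items>"
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
            entries.append([parts[0], ITEM.findall(rest), []])
    return entries


def authorize(text, user, control=None):
    """Walk the entries in order; return (control, Auth-Type after each match)."""
    control = dict(control or {})
    trace = []
    for name, checks, replies in parse(text):
        if name not in ("DEFAULT", user):
            continue
        for attr, op, value in checks:
            # Assumed semantics: '=' sets only if unset, ':=' always replaces.
            if op == ":=" or attr not in control:
                control[attr] = value
        trace.append(control.get("Auth-Type"))
        if not any(a == "Fall-Through" and v.lower() == "yes" for a, _, v in replies):
            break                             # no Fall-Through: stop here
    return control, trace


if __name__ == "__main__":
    print(authorize(POSTED, "niels"))
    print(authorize(POSTED.replace("= mschap", ":= mschap"), "niels"))
```

Both DEFAULT entries match every request, so in this model the file yields one fixed Auth-Type and cannot choose between ntlm_auth and mschap per request.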