I'm setting up a RADIUS environment which covers several physical sites. Usernames and passwords come from an Active Directory server via ntlm_auth. Each site has a group in the NT domain. So, it would be nice to have multiple auth-types for each area.
For clarification, I've tested my server without the Autz-Type arguments (i.e., only using the one mschap instance), and everything works fine. Everything also works great if I declare multiple instances of mschap, and just have the RADIUS server search through them in order - however, this seems to be a rather inefficient way of doing things. The debug output of radiusd indicates that my modules are being loaded, but when the client authenticates, it's not done so against an auth-type. Any thoughts as to why this is not working? Here are the relevant portions of my config files:

# radiusd.conf:
. . .
modules {
    . . .
    mschap group1 {
        authtype = group1
        ...some config stuff...
    }
    mschap group2 {
        authtype = group2
        ...some config stuff...
    }
}
. . .
authorize {
    preprocess
    files
    Autz-Type group1 {
        group1
    }
    Autz-Type group2 {
        group2
    }
    eap
}
authenticate {
    Auth-Type group1 {
        group1
    }
    Auth-Type group2 {
        group2
    }
    eap
}
. . .

# users
DEFAULT Called-Station-Id == "00-11-22-33-44-55-66", Autz-Type := group1
DEFAULT Autz-Type = group2