> I have used
>
> ntlm_auth --request-nt-key --username=user --password=xxx
>      --domain=COMPANY1.LOCAL --require-membership-of=COMPANY1-VPN-USERS
>
> ntlm_auth --request-nt-key --username=otheruser --password=xxx
>      --domain=COMPANY2.LOCAL --require-membership-of=COMPANY2-VPN-USERS
>
> and I get the right answers, so looks like the settings in my krb5.conf
> are working, but I just can't see how to get freeradius to make the
> request this way.
>
> (Yes, I know the correct request will use --challenge= and --nt-response=
> but I'm "assuming" if I can get the rest of the request right, it'll
> "just work")

Create two mschap module instances, mschap_co1 with the first ntlm_auth line
and mschap_co2 with the second one. Then create redundancy inside Auth-Type
MS-CHAP (default server for mschap requests, inner-tunnel for peap):

Auth-Type MS-CHAP {
     if(Realm == "company1.local") {
          mschap_co1
     }
     elsif(Realm == "company2.local") {
          mschap_co2
     }
     else {
          # or reject if you don't want to try users file, sql, ldap
          # or other accounts
          mschap
     }
}

Ivan Kalik
Kalik Informatika ISP
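
The two module instances described in the reply, written out as an added example that is not part of the original message. The path /usr/bin/ntlm_auth, the use of Stripped-User-Name and the MPPE settings are assumptions; the domain and group names are the ones from the quoted commands.

```conf
# Added example: two named instances of the mschap module, one per AD domain.
# /usr/bin/ntlm_auth is an assumed path; adjust to the local Samba install.
# Each instance registers its xlat under its own name, so the challenge and
# response are read with %{mschap_co1:...} / %{mschap_co2:...} rather than
# %{mschap:...}.

mschap mschap_co1 {
	use_mppe = yes
	require_encryption = yes
	require_strong = yes
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=COMPANY1.LOCAL --require-membership-of=COMPANY1-VPN-USERS --challenge=%{%{mschap_co1:Challenge}:-00} --nt-response=%{%{mschap_co1:NT-Response}:-00}"
}

mschap mschap_co2 {
	use_mppe = yes
	require_encryption = yes
	require_strong = yes
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=COMPANY2.LOCAL --require-membership-of=COMPANY2-VPN-USERS --challenge=%{%{mschap_co2:Challenge}:-00} --nt-response=%{%{mschap_co2:NT-Response}:-00}"
}
```

Because --require-membership-of is fixed per instance, a request that reaches the wrong instance fails the group check instead of being accepted against the other company's group.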
