At 02:33 PM 11/23/2009, Paul Ryszka wrote:
On Mon, 2009-11-23 at 13:35 -0500, freerad...@corwyn.net wrote:
> Am I going to have to do something like create different modules
> (ntlm_auth and ntlm_auth2) radiusd.conf in the module section?
You need to create two separate entries in modules having two mschap
entries, something like:

    mschap mschap_group1 {
        ...
        ntlm_auth = "your first ntlm_auth command"
    }
    mschap mschap_group2 {
        ...
        ntlm_auth = "your second ntlm_auth command"
    }

and then have the respective mschaps used in the respective virtual
servers for each client.

I currently have (working):

    exec ntlm_auth {
        wait = yes
        program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=int.invtitle.com --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=int.example.com+VPN_Users"
    }

so I'm not sure how that relates to mschap groups? I don't currently
have an mschap group at all in the radiusd.conf file.
Would I just create

    exec ntlm_auth_2 {
        wait = yes
        program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=int.invtitle.com --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=int.example.com+Cisco_Users"
    }

And how do I control which group is used for auth from a specific client?

Rick
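
Added example (not part of the original messages and not FreeRADIUS's shipped configuration): one way to tie each exec instance to a client through per-client virtual servers in FreeRADIUS 2.x, as Paul's reply suggests. The instance names, server names, Auth-Type names, client names, addresses and secrets are assumptions, and forcing Auth-Type in authorize assumes every request from that client should be checked by ntlm_auth.

```conf
# radiusd.conf, inside modules { }: one exec instance per AD group.
# The program strings are the ones posted above; only the group differs.
exec ntlm_auth_vpn {
    wait = yes
    program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=int.invtitle.com --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=int.example.com+VPN_Users"
}
exec ntlm_auth_cisco {
    wait = yes
    program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=int.invtitle.com --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=int.example.com+Cisco_Users"
}

# clients.conf: bind each NAS to its own virtual server.
# Names, addresses and secrets below are constructed placeholders.
client vpn_gateway {
    ipaddr = 192.0.2.10
    secret = CHANGE_ME_1
    virtual_server = vpn
}
client cisco_devices {
    ipaddr = 192.0.2.20
    secret = CHANGE_ME_2
    virtual_server = cisco
}

# sites-enabled/: one server block per client class. Each block can only
# reach the exec instance (and therefore the AD group) listed in it.
server vpn {
    authorize {
        update control {
            Auth-Type := NTLM_VPN
        }
    }
    authenticate {
        Auth-Type NTLM_VPN {
            ntlm_auth_vpn
        }
    }
}
server cisco {
    authorize {
        update control {
            Auth-Type := NTLM_CISCO
        }
    }
    authenticate {
        Auth-Type NTLM_CISCO {
            ntlm_auth_cisco
        }
    }
}
```

Running radiusd -X and sending a test request from each client shows which virtual server and which exec instance handled it.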