Hi all,

Thanks to everyone for their help. I seem to have generated quite a bit of 
discussion so I thought I'd summarise where I'm "up to" in case it helps.

I have a server successfully authenticating users using eap-mschapv2 or 
eap-ttls for eduroam and wired 802.1x. I'm now trying to expand the system to 
include authorisation/authentication for console and telnet access to Cisco 
switches.

For telnet access, I now have:

A new file modules/ntlm_auth which contains,

exec ntlm_auth {
        wait = yes
        program = "/usr/sfw/bin/ntlm_auth --request-nt-key --username=%{User-Name} --password=%{User-Password}"
}

At the end of the users file,

DEFAULT NAS-Port-Type = Virtual, NAS-IP-Address = x.x.x.x, Auth-Type := ntlm_auth

And at the end of the sites-enabled/default and sites-enabled/inner-tunnel 
authenticate sections, immediately after eap

        ntlm_auth

It works, though interestingly (for me at least), if I comment out ntlm_auth from 
the inner-tunnel file, the server fails to start with an 
"Unknown value ntlm_auth for attribute Auth-Type" error. I don't understand 
that, as I don't want to use this authentication method with PEAP!

Obviously the users entry above only works for a single switch as the IP 
address is specified. Next step is to specify groups of switches.

Thanks again,

Leighton
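One way to extend the single-switch users entry above to a group of switches, added here as an illustration and not part of Leighton's configuration: FreeRADIUS huntgroups, which the preprocess module evaluates in the authorize section (the default site lists preprocess before files, so Huntgroup-Name is set by the time the users file is read). The group name and the IP addresses are constructed placeholders.

```text
# raddb/huntgroups (added example): one line per switch NAS that belongs to the group
switches        NAS-IP-Address == 192.0.2.10
switches        NAS-IP-Address == 192.0.2.11
switches        NAS-IP-Address == 192.0.2.12

# raddb/users (added example): replaces the per-address DEFAULT entry, matching any
# member of the huntgroup on a Virtual (telnet) port; == is the comparison operator
# for check items, := sets the server-side Auth-Type
DEFAULT Huntgroup-Name == "switches", NAS-Port-Type == Virtual, Auth-Type := ntlm_auth
```

Requests from switches outside the huntgroup fall through to the entries that follow, so the ntlm_auth path stays limited to the listed NAS addresses.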
