freerad...@corwyn.net wrote: > so if ./users: > DEFAULT Huntgroup-Name == Cisco_Huntgroup, Auth-Type:=ntlm_auth, > Ldap-Group == "Infrastructure" > > Service-Type:=NAS-Prompt-User,cisco-avpair:="shell:priv-lvl=15", > DEFAULT Huntgroup-Name == VPN_Huntgroup, Auth-Type:=ntlm_auth, > Ldap-Group == "VPN_Users" > > it should work?
No. > I think even with the Auth-Type specified as ntm_auth, > a Auth-Type is being set, as it's finding MSCHAP for me: Because the NAS is sending MS-CHAP requests. > from my server config, that stops it from being found, but then I lose > the password for ntlm_auth I think: Because you've forced the "ntlm_auth" module to be run. That module ONLY checks clear-text passwords, and there is NO clear-text password in the request. Change the line having ... Auth-Type := ntlm_auth, ... to ... Auth-Type = ntlm_auth, ... And read "man users" to see what the difference is. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html