Hi,

> Hi All:
>
> My name is Charles and I need to "Configure my FreeRadius to use ntlm_auth"
> to authenticate NT users.
> Actually, I am getting to do this for only one NT group, but I need to do
> this for more NT groups.
>
> My configuration in "radius.conf" for ntlm_auth for one NT group is:
>
> exec win_domain {
>     wait = yes
>     input_pairs = request
>     output_pairs = reply
>     program = "/usr/local/bin/ntlm_auth --request-nt-key --domain=COPEL --username=%{User-Name:-None} --password=%{User-Password} --require-membership-of=COPEL\\Group1"
> }
>
> My environment is: FreeBSD 6.2 + Samba 3.0.26a + freeradius 1.1.7
>
> How can I do this configuration for more than one NT group? Any idea?
> Thanks,
> Charles.

does the domain come through as part of the request? if so you can simply use the example ntlm_auth to do the substitution. if not... well, you could do a large check table where every auth is tried until one works... and if none work then they get rejected. bit messy, but redundant auth statements work okay and are very handy - e.g. for when you migrate to a new AD system but half of users are still in the old one or in a DB etc.

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
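
The "every auth is tried until one works" approach from the reply, sketched as a wrapper around `ntlm_auth`. This is an added example, not code from the thread or from the FreeRADIUS or Samba projects. The script name, the variable names and the groups `Group2` and `Group3` are assumptions; the `ntlm_auth` flags are the ones in the quoted configuration.

```shell
#!/bin/sh
# Added example (assumed script name: ntlm_multi_group.sh).
# Runs ntlm_auth once per allowed group and accepts on the first success;
# if no group matches, the request is rejected (non-zero exit).

NTLM_AUTH="${NTLM_AUTH:-/usr/local/bin/ntlm_auth}"   # path from the original config
DOMAIN="${DOMAIN:-COPEL}"                            # domain from the original config
# Comma-separated so group names may contain spaces. Group2/Group3 are hypothetical.
ALLOWED_GROUPS="${ALLOWED_GROUPS:-Group1,Group2,Group3}"

auth_any_group() {
    user=$1
    pass=$2
    MATCHED_GROUP=""

    # Reject empty credentials before any domain lookup is made.
    [ -n "$user" ] && [ -n "$pass" ] || return 1

    # Split the group list on commas into the positional parameters.
    old_ifs=$IFS
    IFS=,
    set -- $ALLOWED_GROUPS
    IFS=$old_ifs

    for group in "$@"; do
        # "\\" inside double quotes yields one backslash: COPEL\Group1
        if out=$("$NTLM_AUTH" --request-nt-key --domain="$DOMAIN" \
                    --username="$user" --password="$pass" \
                    --require-membership-of="$DOMAIN\\$group" 2>/dev/null); then
            MATCHED_GROUP=$group
            # Pass through only the successful attempt's output, so earlier
            # failures do not end up in what the caller reads back.
            printf '%s\n' "$out"
            return 0
        fi
    done
    return 1    # no group accepted the user: reject
}

# Run only when executed under the assumed script name, not when sourced.
case "${0##*/}" in
    ntlm_multi_group.sh) auth_any_group "$1" "$2"; exit $? ;;
esac
```

The `exec` module's `program` line would call this script in place of `ntlm_auth`, passing `%{User-Name}` and `%{User-Password}` as the two arguments. Like the original configuration, that puts the password in the process arguments, where other local users may be able to see it.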