Hi,
I installed FreeRADIUS and I'd like to authenticate Cisco VPN
clients against AD.
Clients are authenticated through domainname\username and password, and
they need to be members of the AD group.

I already have AD authentication running, but for access to the
router (priv level 15).

What should I set in the users file?

My current settings are:

Users:

user   Auth-Type := ntlm_auth
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

Mschap:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name}
--domain=%{%{mschap:NT-Domain}:-DOMAINNAME}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"

Then I added another ntlm authentication for the VPN Cisco clients:

ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
--require-membership-of='SOMEDOMAIN+domain users'"

And I added these lines to the users file:
DEFAULT         Huntgroup-Name == "vpn"
                Auth-Type := ntlm_auth2

Huntgroup file:

vpn             NAS-IP-Address == x.x.x.x , NAS-Port-Type == "Virtual"

But it doesn't work.

When I run the command "ntlm_auth --request-nt-key --username=MYNAME
--require-membership-of='SOMEDOMAIN+domain users'", it works.

Can somebody help me with how the users file should look?

Thanks

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html