Hi,

I installed FreeRADIUS and I'd like to authenticate Cisco VPN clients against AD. Clients are authenticated through domainname\username and password, and they need to be members of the AD group.

I already have AD authentication running, but for access to the router (priv level 15). What should I set in the users file? My current settings are:

Users:

    user Auth-Type := ntlm_auth
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

Mschap:

    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{%{mschap:NT-Domain}:-DOMAINNAME} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

Then I added another ntlm authentication for the Cisco VPN clients:

    ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of='SOMEDOMAIN+domain users'"

And I added these lines to the users file:

    DEFAULT Huntgroup-Name == "vpn" Auth-Type := ntlm_auth2

Huntgroup file:

    vpn NAS-IP-Address == x.x.x.x , NAS-Port-Type == "Virtual"

But it doesn't work. When I run the command

    ntlm_auth --request-nt-key --username=MYNAME --require-membership-of='SOMEDOMAIN+domain users'

it works.

Can somebody help me with how the users file should look?

Thanks