Jevos, Peter wrote: > user Auth-Type := ntlm_auth > Service-Type = NAS-Prompt-User, > cisco-avpair = "shell:priv-lvl=15" ... > And I added this lines into users file: > DEFAULT Huntgroup-Name == "vpn" > Auth-Type := ntlm_auth2
What is "Auth-Type" on the first line for "user", and on the second for "DEFAULT"? See "man users" Run the server in debugging mode. It WILL complain about the "Auth-Type" being on the second line. Alan DeKok. - HI alan Thank you for your answer, but I don't understand I took it from the mailing list: http://lists.freeradius.org/mailman/htdig/freeradius-users/2010-February /msg00046.html I'd like to authenticate all cisco vpn clients that match the proper domain name and password. I already have the ntlm_auth command, but I don't know how should look like the Users file My ntlm_auth is: ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of='SOMEDOMAIN+domain users'" I'm using ntlm_auth2 because ntlm_auth is already used ( for the router access ) Thanks pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html