Jevos, Peter wrote: > Thank you for your answer, but I don't understand The documentation && debug mode is clear. Do you have a *specific* question?
> I took it from the mailing list: > http://lists.freeradius.org/mailman/htdig/freeradius-users/2010-February > /msg00046.html I see. You'll believe some random post on the list, but not the documentation, debug mode, or the main author? > I'd like to authenticate all cisco vpn clients that match the proper > domain name and password. I already have the ntlm_auth command, but I > don't know how should look like the Users file You were told what the "users" file should look like. The "Auth-Type" text goes on the FIRST line of the entry. See "man users", and the examples in the default "users" file. NONE of the examples in the default "users" file have "Auth-Type" on the second line of an entry. Alan DeKok. - Dear Alan, thank you for your answer Actually debug says : Unknown value ntlm_auth2 for attribute Auth-Type I've changed it as you adviced and I put the Auth-Type on the first place. However in the man page there is no example how to use Auth-Type and HUntgorup together. So my config is: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{%{mschap:NT-Domain}:} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of='DOMAIN+vpn users'" And the user file is: user Auth-Type := ntlm_auth Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15" DEFAULT Auth-Type := ntlm_auth2 Huntgroup-Name == "vpn" Of course, I would prefer direct post how it should looks like, cause the documentation has lack of examples and the only source is examples from mailing list. Please, does anybody has example how to combine two ntlm_auth ? Thanks a lot pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html