On 13/10/10 14:40, Harry Hoffman wrote:
Hi Alan,
Thanks for the help! This works well and lessens the confusion on my
part.
I do have one question. When using ldap as the authorization module the
Auth-Type gets set properly to siteone_ldap. But if I try using
That's a feature of the "ldap" module; if it is a "named" module it sets
the Auth-Type to that name (otherwise using "LDAP")
ntlm_auth then the Auth-Type is not set even though ntlm_auth returns
OK.
The (confusingly named) "ntlm_auth" module is actually a copy of the
"exec" module which checks PAP requests; it does not have that feature.
You are also using it wrong, by running it in the "authorize" section.
You want something like:
authorize {
if (Realm == ...) {
ldap_siteone
}
elsif (Realm == ...) {
update control {
Auth-Type := PAP-ntdom
}
}
}
authenticate {
Auth-Type ldap_siteone {
ldap_siteone
}
Auth-Type PAP-ntdom {
ntlm_auth
}
}
I guess the other alternative is:
authorize {
if (Realm == ...) {
ldap_siteone
}
elsif (Realm == ...) {
ntlm_auth
if (ok) {
update control {
Auth-Type := PAP-ntdom
}
}
}
}
...but maybe it's not really what you should be doing; "authenticate"
should happen after "authorize"
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html