On 16/07/12 16:12, David Aldwinckle wrote:
Hello,
I currently use PEAP and the mschap module to call ntlm_auth and authenticate
against Active Directory. The FreeRadius server is currently joined to domain1.
It may come about in the near future that I need to query two different domains
before failing a request. Unlang says I can do this:
redundant {
mschap.domain1
mschap.domain2
}
Where mschap.domain{1,2} are copies of the stock mschap module, with the new
domain plugged in.
Will this work?
No. As has been explained, you need a domain trust to do this.
There are other ways to do it (2 copies of samba, different smb.conf
files, join each copy to each domain, use logic to pick the correct
mschap module) but they are messy and error prone.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html