Hi,

Thanks for the response.

Unfortunately, these particular users don't have realms in their usernames, so 
I think I will still need to go with multiple mschap modules, like Alan 
suggested.  I just confirmed that there is a two-way trust, so I think I should 
be able to figure it out from here!

Thanks again,

Dave A.

On 2012-07-16, at 11:23 AM, Francois Gaudreault wrote:

Hi David,

If your domains have trust configured (which I hope), use REALMS (proxy.conf).  
Add the --domain %{Realm} to your ntlm_auth line, and you should be OK.

If your domains don't have a trust, then you are in trouble.  You can only 
join the server to 1 domain, so ntlm_auth will always fail for one of the two 
domains.

Hope it helps!

On 12-07-16 11:12 AM, David Aldwinckle wrote:
> Hello,
> 
> I currently use PEAP and the mschap module to call ntlm_auth and authenticate 
> against Active Directory. The FreeRadius server is currently joined to 
> domain1.
> 
> It may come about in the near future that I need to query two different 
> domains before failing a request. Unlang says I can do this:
> 
> redundant {
>       mschap.domain1
>       mschap.domain2
> }
> 
> Where mschap.domain{1,2} are copies of the stock mschap module, with the new 
> domain plugged in.
> 
> Will this work? Do I need to change the Samba configuration?
> 
> In a quick test, with the server in domain1, I ran ntlm_auth and specified 
> domain2, which failed to authenticate the user.
> 
> Thanks,
> Dave A.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 


-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)