[RADIATOR] PEAP and realm check
Heikki Vatiainen
hvn at open.com.au
Tue Aug 19 16:48:27 CDT 2014
On 08/19/2014 11:39 PM, Roberto Pantoja wrote:
> you can do something similar to this:
Hello Roberto,
to add another example, in case your users are in different databases
and you have to try them all to find out the correct, instead of this:
> <Handler TunnelledByPEAP=1>
> AuthByPolicy ContinueUntilAcceptOrChallenge
>
> # ActiveDirectory Group 1
> <AuthBy NTLM>
...
> </AuthBy>
>
> # ActiveDirectory Group 2
> <AuthBy NTLM>
...
> </AuthBy>
> </Handler>
you could do this:
<Handler TunnelledByPEAP=1>
Identifier inner-pea
AuthByPolicy ContinueWhileReject
<AuthBy FILE>
Identifier auth-file1
Filename %D/users1
EAPType MSCHAP-V2
</AuthBy>
<AuthBy FILE>
Identifier auth-file2
Filename %D/users2
EAPType MSCHAP-V2
</AuthBy>
</Handler>
The above will work as long as the user is in either of the files
(users1 or users2) and the check attributes pass.
Thanks,
Heikki
--
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list