I'm definitely getting somewhere with this, I appreciate your input. I thoroughly read the documentation and am close. I set my MySQL table up like this for user chris.deramus:
22 chris.deramus Vendor-Specific Microsoft ==
23 chris.deramus MS-CHAP-Domain test.my.gov ==
Then when running FreeRADIUS in debugging mode, I get this with an incoming request. As you can see in bold, it's passing the MS-CHAP-Domain in the Access Accept, however it doesn't seem to be passing to my client laptop. Maybe it's a problem with my MySQL table, maybe it's a problem with how I have MS-CHAP loaded in radiusd.conf.
rlm_sql: Released sql socket id: 8
modcall[authorize]: module "sql" returns ok
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "counter" returns noop
users: Matched DEFAULT at 141
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group authtype
rlm_pap: login attempt by "chris.deramus" with password yyyyyyyyyy
rlm_pap: Using password 690d96285de94b9e7138e3d9d687ce3e for user chris.deramus authentication.
rlm_pap: Using MD5 encryption.
rlm_pap: User authenticated succesfully
modcall[authenticate]: module "pap" returns ok
modcall: group authtype returns ok
Login OK: [chris.deramus/yyyyyyyy ] (from client 192.168.0.2 port 1008)
Sending Access-Accept of id 2 to 192.168.0.2:1026
Framed-IP-Address = 192.168.1.20
Vendor-Specific = 0x4d6963726f736f6674
MS-CHAP-Domain = "test.my.gov"
I bolded the sections that I found to be of interest, I'm assuming the returned noop means that the module isn't loaded, or isn't doing anything? I have the MS-CHAP module loaded in the authorization section, should it be loaded in a different section of radiusd.conf?
Thanks for the help and patience.
Chris
-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: Cannot find a Domain attribute ??
"Deramus, Chris" <[EMAIL PROTECTED]> wrote:
> Sorry for the confusion, I meant I have to return that Domain attribute to
> the NAS, we have different program offices with resources on different
> domains.
You can return the MS-CHAP-Domain domain attribute in the Access-Accept.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
