Login OK: [host/dnps-caplap-4.col.missouri.edu] (from client test-wss2380 port 573 cli 00-90-4B-2F-80-B4)
+- entering group post-auth {...}
++[exec] returns noop
} # server campus-eap
Sending Access-Accept of id 179 to 128.206.131.253 port 20009
Cool.
Bad news:
I have a multi-domain environment. If I hard-code the domain in here, then
only users or hosts from that domain will be able to authenticate. How can I
make it recognize the others and behave correctly?
It's fine if I have to write some code using string matching and switch/case.
But I can't restrict access to only one domain.
I think you'll have to do that. The tedious bit is matching the domains
in the regexps.
My advice would be to define a local, internal-only attribute in
/etc/raddb/dictionary:
ATTRIBUTE My-NT-Domain 3003 string
...and set this in your regexps:
    if (User-Name =~ /host[/].+[.]domain.com/) {
        update request {
            My-NT-Domain = "DOMAIN.COM"
        }
    }
    elsif (...) {
    }
...then in your ntlm_auth helper, do:
ntlm_auth = "... --domain=%{My-NT-Domain:-DEFAULTVALUE} ..."
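
Added example, not part of the original thread or of FreeRADIUS: a Python check of the User-Name-to-domain regex table suggested above, run over constructed names before the patterns go into unlang. `example.org`, the sample names and the function names are assumptions; the anchored rules tighten the posted pattern, which is unanchored and leaves the dot in `domain.com` unescaped.

```python
import re

# Ordered (pattern, NT domain) rules; first match wins, like if/elsif in unlang.
# "domain.com" / "DOMAIN.COM" come from the post; "example.org" is a constructed
# second domain. Patterns are anchored and every dot is literal.
RULES = [
    (r"^host[/][^/@\\]+[.]domain[.]com$", "DOMAIN.COM"),
    (r"^host[/][^/@\\]+[.]example[.]org$", "EXAMPLE.ORG"),
]
DEFAULT_DOMAIN = "DEFAULTVALUE"  # placeholder default used in the post

# First pattern exactly as posted; second written in the same style (assumption).
POSTED = [
    (r"host[/].+[.]domain.com", "DOMAIN.COM"),
    (r"host[/].+[.]example.org", "EXAMPLE.ORG"),
]


def nt_domain(user_name, rules=RULES, default=DEFAULT_DOMAIN):
    """Return the NT domain of the first matching rule, else the default."""
    for pattern, domain in rules:
        if re.search(pattern, user_name):
            return domain
    return default


def compare(names):
    """Return {name: (posted_result, anchored_result)} where the two differ."""
    diffs = {}
    for name in names:
        loose, strict = nt_domain(name, POSTED), nt_domain(name)
        if loose != strict:
            diffs[name] = (loose, strict)
    return diffs


# Constructed sample User-Name values (not taken from the debug output).
SAMPLES = [
    "host/pc1.domain.com",
    "host/pc2.lab.domain.com",
    "host/pc3.example.org",
    "host/pc4.domain.com.example.org",  # first rule matches a prefix if unanchored
    "host/pc5.domainxcom",              # unescaped dot matches any character
    "alice",                            # no rule matches, default applies
]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{n:34} -> {nt_domain(n)}")
    print(compare(SAMPLES))
```

Any name reported by `compare` is one where rule order or a loose pattern would pick a different `--domain` value than intended.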