Hi

I am trying to configure authentication via ntlm_auth so that it also checks the user's group membership. With this configuration, all authentication attempts are rejected.

The same configuration without the group check works correctly.

policy.conf:

# Policy: derive the SSID from Called-Station-Id and pick the AD group that
# the later ntlm_auth membership check will require.
#
# The regex expects six hex octets (optionally separated by "-" or ":"),
# an optional "-"/":" separator, and then an optional suffix made of
# [-a-z0-9_.] characters, which is captured as %{7} (the SSID).
#
# NOTE(review): the pattern is anchored with "^" but has no "$". A suffix
# containing a character outside [-a-z0-9_.] (e.g. a space) still matches,
# and %{7} then holds only the part before that character. Since the SSID
# decides which group is required, consider anchoring the end of the pattern.
# NOTE(review): AD-Group is not defined in anything shown here; presumably it
# is declared in a local dictionary - confirm.
extract_ssid {
if(Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i){
                 # Store the captured suffix (may be empty) as the SSID.
                 update request {
                         Called-Station-SSID := "%{7}"
                 }
                 # Only the SSID "localnet1" maps to the WiFisec group.
                 if (Called-Station-SSID == localnet1) {
                         update request{
                                 AD-Group := WiFisec
                         }
                 }
                 # Every other SSID, including an empty one, maps to WiFi-public.
                 else {
                         update request{
                                 AD-Group := WiFi-public
                         }

                 }

         }
         # No match: AD-Group is not set by this policy, so any later
         # %{AD-Group} expansion for this request would be empty.
         else {
                 noop
         }
}

modules/mschap
# Command line for the ntlm_auth helper. In addition to the MS-CHAP
# challenge/response, it passes --require-membership-of so that only
# members of POMORSU+<AD-Group> are accepted.
#
# NOTE(review): %{AD-Group} is expanded from the request this module is
# handling. If AD-Group was never set on that request (extract_ssid did not
# match, or - presumably, for PEAP/EAP-TTLS - the check runs on the inner
# tunnel request rather than the one processed by "default"), the argument
# becomes "POMORSU+" with no group name. Confirm the expanded command in the
# debug output (radiusd -X), and verify that an empty group leads to a
# rejection rather than to the membership check being skipped.
# NOTE(review): "+" is assumed to be the winbind separator configured in
# smb.conf - confirm.
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of=POMORSU+%{AD-Group}"

sites-enabled/default
authorize {
         preprocess
         extract_ssid

freeradius 2.1.10+dfsg-2 debian squeeze




