On 08/19/2014 11:39 PM, Roberto Pantoja wrote:
> you can do something similar to this:
Hello Roberto,
to add another example, in case your users are in different databases
and you have to try them all to find out the correct, instead of this:
> <Handler TunnelledByPEAP=1>
> AuthByPolicy ContinueUntilAcceptOrChallenge
>
> # ActiveDirectory Group 1
> <AuthBy NTLM>
...
> </AuthBy>
>
> # ActiveDirectory Group 2
> <AuthBy NTLM>
...
> </AuthBy>
> </Handler>
you could do this:
<Handler TunnelledByPEAP=1>
Identifier inner-pea
AuthByPolicy ContinueWhileReject
<AuthBy FILE>
Identifier auth-file1
Filename %D/users1
EAPType MSCHAP-V2
</AuthBy>
<AuthBy FILE>
Identifier auth-file2
Filename %D/users2
EAPType MSCHAP-V2
</AuthBy>
</Handler>
The above will work as long as the user is in either of the files
(users1 or users2) and the check attributes pass.
Thanks,
Heikki
--
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
