ldap huntgroups and groups
alan walters
alan at aillweecave.ie
Tue May 31 12:04:16 CEST 2005
Continuing with huntgroups and groups. I followed the most recent instructions below.
The client uses the default group below.
I see the reply message come through in the request.
But the request gets access accept instead of access reject?????
> ########################################################################
> ### default ldap group does not succeed
> ########################################################################
>
> DEFAULT Auth-Type := Reject
> Reply-Message = "sorry you are not allowed to dial in here"
>
The reply message should go on the second line on this one. Reply message is not a check item. Also, technically, you don't need Simultaneous User, since they are being rejected this session will never be added.

Your user was found in a group; however, it should have been rejected since you have Fall-Through = 1 (yes). It should have fallen through to the default reject line. Note: This is probably not what you want, because all users will be rejected when you fix the Reject line. I would change to Fall-Through = no (0) on all your Ldap-Group entries above it.

Move the Reply-Message to the second line.

DEFAULT Auth-Type := Reject
        Reply-Message = "You cannot dial in here"
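
The fall-through behaviour described in the message above, as an added example that is not part of the original post and is not FreeRADIUS code. It is a simplified model of how users-file entries are walked top to bottom; the group names "dialin" and "staff" are hypothetical, and an Access-Accept assumes authentication otherwise succeeds.

```python
"""Simplified model of users-file processing (added example, not FreeRADIUS code)."""

def evaluate(entries, request):
    """Walk entries top to bottom; return (control, reply) once matching stops."""
    control, reply = {}, {}
    for entry in entries:
        # An entry matches when every '==' check item holds for this request.
        if not all(val in request.get(attr, ()) for attr, val in entry["check"]):
            continue
        control.update(entry.get("set", {}))       # ':=' items, e.g. Auth-Type := Reject
        for attr, val in entry.get("reply", {}).items():
            reply.setdefault(attr, val)            # '=' adds only if not already present
        if not entry.get("fall_through", False):   # Fall-Through = No: stop here
            break
    return control, reply

def decision(entries, request):
    """Return (verdict, Reply-Message) for a request against the entries."""
    control, reply = evaluate(entries, request)
    rejected = control.get("Auth-Type") == "Reject"
    return ("Access-Reject" if rejected else "Access-Accept",
            reply.get("Reply-Message"))

def build_users(fall_through):
    """Constructed entries: one Ldap-Group line, then the DEFAULT reject line."""
    return [
        {"check": [("Ldap-Group", "dialin")],      # hypothetical group name
         "reply": {"Service-Type": "Framed-User"},
         "fall_through": fall_through},
        {"check": [],                              # DEFAULT Auth-Type := Reject
         "set": {"Auth-Type": "Reject"},
         "reply": {"Reply-Message": "You cannot dial in here"}},
    ]

MEMBER = {"Ldap-Group": {"dialin"}}     # constructed request: user is in the group
OUTSIDER = {"Ldap-Group": {"staff"}}    # constructed request: user is not

if __name__ == "__main__":
    for label, ft in (("Fall-Through = Yes", True), ("Fall-Through = No", False)):
        for who, req in (("member", MEMBER), ("outsider", OUTSIDER)):
            print(label, who, decision(build_users(ft), req))
```

With Fall-Through = Yes on the group entry, the group member also reaches the DEFAULT line and is rejected; with Fall-Through = No, only users outside the group reach it.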