denying access to user from device

Rob Shepherd rob at techniumcast.com
Thu Sep 14 18:48:35 CEST 2006


Rob Shepherd wrote:
> Dear freeradiuseers,
> 
> I have my wireless network working great... PEAP supplicants are 
> authenticated from either LDAP or MySQL and the appropriate 
> Tunnel-Private-Group-ID is set to allocate the correct vlan.
> 
> I also have a cisco VPN concentrator. I must only allow ldap users to 
> authenticate to this. mysql users mustn't get a look in...
> 
> I tried making a huntgroup in raddb/huntgroups...
> 
> ciscovpnc       NAS-IP-Address == 10.1.33.4
> 
> then in raddb/users...
> 
> DEFAULT HuntGroup-Name == ciscovpnc
>         Autz-Type = ldap
> 
> however sql is still checked.
> 
> Could some body shove me in the right direction..
> 
> Cheers
> 
> Rob
> 
> 
> 
> 

TYPO!

DEFAULT HuntGroup-Name == ciscovpnc
         Autz-Type := ldap

...is how it looks in raddb/user.


Oh, and I tried various combos of

Autz-Type ldap{
	ldap
}

in authorize{ too. No joy.

Thanks IA

Rob


-- 
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
rob at techniumcast.com | 01248 675024 | 077988 72480



More information about the Freeradius-Users mailing list