LDAP Auth
Alan DeKok
aland at deployingradius.com
Fri Jun 5 14:23:12 CEST 2009
Dave Rummel wrote:
> In order for me to just grasp the concept, I have tried this in the
> users file, o=lookout is our complete list of all of our users
>
> DEFAULT Huntgroup-Name == CiscoAdmin, Ldap-Group == "o=lookout"
> Fall-Through = no
>
> DEFAULT Auth-Type := Reject
>
> If I comment out the Reject, the user is able to authenticate to the
> Cisco Router, as soon as I uncomment it, I get rejected... here is the
> log file from it.

Yes. Because the "users" file isn't the *only* source of
configuration in the server. If you comment out the "Reject" line, the
previous line does almost nothing.

I would suggest using "unlang" to write the policies. It is a LOT
more straightforward than the "users" file, and it is well integrated
into the server.

> The line I am really trying to understand is this one, where is this
> line 11?
>
> *Thu Jun 4 16:15:52 2009 : Debug: attr_filter: Matched entry DEFAULT
> at line 11

See the configuration for the "attr_filter" module.

Alan DeKok.
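
The policy from the quoted "users" file entries, written in unlang as suggested above. This is an added example, not part of the original message or the poster's configuration; it assumes FreeRADIUS 2.x syntax, that the "preprocess" and "ldap" modules are configured, that the CiscoAdmin huntgroup is defined, and that the block sits in the authorize section of the virtual server.

```unlang
authorize {
	# Assumption: preprocess is enabled, so Huntgroup-Name can be
	# compared against the huntgroups definitions.
	preprocess

	# Assumption: the ldap module is configured; it looks the user up
	# and makes the Ldap-Group comparison available.
	ldap

	# Same test as the first DEFAULT entry in the quoted "users" file:
	# the request must come from the CiscoAdmin huntgroup AND the user
	# must match the LDAP group check.
	if (Huntgroup-Name == "CiscoAdmin" && Ldap-Group == "o=lookout") {
		ok
	}
	else {
		# Same effect as "DEFAULT Auth-Type := Reject": anything that
		# did not match above is rejected here, in one visible place.
		reject
	}
}
```

With both branches in one if/else, the accept and reject decisions are made together instead of depending on how two separate "users" entries interact with the rest of the server configuration.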