Where is your "files" declaration in the authorize section? Do you see the server looking at your users file in the debug messages? If the users file is never processed, I don't think Autz-Type will be set as you intend.
<br><br>Try <br>authorize {<br> preprocess<br> files<br> eap<br> mschap<br> Autz-Type LDAP {<br> ldap<br> }<br> Autz-Type LDMS {<br> ldap
<br> sql<br> }<br>}<br><br><br>Regards,<br>Lin<br><br><br><br><div><span class="gmail_quote">On 9/15/06, <b class="gmail_sendername">Rob Shepherd</b> <<a href="mailto:rob@techniumcast.com">rob@techniumcast.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><a href="mailto:Garrett.Marks@wichita.edu">Garrett.Marks@wichita.edu</a>
wrote:<br>><br>><br>><br>> > Rob Shepherd wrote:<br>> > TYPO!<br>> ><br>> > DEFAULT HuntGroup-Name == ciscovpnc<br>> > Autz-Type := ldap<br>> ><br>> > ...is how it looks in raddb/user.
<br>><br>> You need to put the Autz-Type on the first line as a check item.<br>><br>> DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap<br><br>Thanks to Alan D. and Garrett M. for their comments..<br><br>However, neither ldap nor sql are checked at all in any case now. I've
<br>not quite got it right....<br><br>I've since ditched declaring raddb/huntgroups, as a simplifying<br>exercise. I'm checking for NAS-IP-Address instead in raddb/users.<br><br>raddb/users now looks like this<br><br><br>
DEFAULT Auth-Type := PAP<br> Fall-Through = yes<br><br># wlan controller - needs LDAP and MySQL<br>DEFAULT NAS-IP-Address == 172.16.6.4, Autz-Type := LDMS<br> Tunnel-Type = VLAN,
<br> Tunnel-Medium-Type = IEEE-802,<br> Fall-Through = yes<br><br># vpn concentrator - only LDAP<br>DEFAULT NAS-IP-Address == 10.1.33.4, Autz-Type := LDAP<br> Fall-Through = yes
<br><br><br>radiusd has this..<br><br>authorize {<br> preprocess<br> eap<br> mschap<br> Autz-Type LDAP {<br> ldap<br> }<br> Autz-Type LDMS {<br> ldap
<br> sql<br> }<br>}<br><br>The modules section is as it was when wireless was working. I can see<br>with -X that the ldap and sql modules are instantiated fine.<br><br>Here's the only processing that is done.
<br><br>Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 0<br> modcall[authorize]: module "preprocess" returns ok for request 0<br> rlm_eap: No EAP-Message, not doing EAP
<br> modcall[authorize]: module "eap" returns noop for request 0<br> modcall[authorize]: module "mschap" returns noop for request 0<br>modcall: leaving group authorize (returns ok) for request 0<br>
auth: No authenticate method (Auth-Type) configuration found for the<br>request: Rejecting the user<br>auth: Failed to validate the user.<br><br><br>If anybody would be so kind as to point me in the right direction....<br>
<br>Thanks IA<br><br>Rob<br><br>--<br>Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ<br><a href="mailto:rob@techniumcast.com">rob@techniumcast.com</a> | 01248 675024 | 077988 72480<br>
</blockquote></div><br>
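The diagnosis in the reply above, as an added example that is not part of the original thread or of FreeRADIUS: a Python check that reads an authorize block and the matching debug output, then reports a missing files entry and any Autz-Type sub-sections that never ran. The inputs are constructed from the configuration and log quoted in the message; parse_authorize and diagnose are hypothetical helper names, and the check assumes the users file is only read when the files module is listed in authorize.

```python
import re

# Constructed inputs, modelled on the config and -X output quoted in the thread.
AUTHORIZE = """authorize {
    preprocess
    eap
    mschap
    Autz-Type LDAP {
        ldap
    }
    Autz-Type LDMS {
        ldap
        sql
    }
}"""
DEBUG = '''modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "eap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0'''

def parse_authorize(conf):
    """Split an authorize block into top-level modules and Autz-Type sub-sections."""
    top, subs, current = [], {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"Autz-Type\s+(\S+)\s*\{$", line)
        if m:
            current = m.group(1)
            subs[current] = []
        elif line == "}":
            current = None
        elif line and not line.endswith("{"):
            (subs[current] if current else top).append(line)
    return top, subs

def diagnose(conf, debug):
    """Hypothetical helper: report why Autz-Type sub-sections were skipped."""
    top, subs = parse_authorize(conf)
    ran = re.findall(r'modcall\[authorize\]: module "([^"]+)" returns', debug)
    findings = []
    if subs and "files" not in top:
        findings.append("files is not listed in authorize, so raddb/users cannot set Autz-Type")
    for name, mods in subs.items():
        if not set(mods) & set(ran):
            findings.append(f"Autz-Type {name} sub-section never ran: {', '.join(mods)}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(AUTHORIZE, DEBUG)))
```
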