30 Nov
2009
30 Nov
'09
9:41 p.m.
What I think is my final problem. I'm now working to authenticate VPN users in the same scenario, using the l2tp client in windows. Looks like everything automatically picks up that it's a MSCHAP request.
Using a similar logic: DEFAULT Huntgroup-Name == VPN_Huntgroup, Ldap-Group == "VPN_Users"
The only problem is that it appears to ignore my LDAP group, and just authenticate ANY user (with a valid User ID/ Password) regardless of LDAP group.
Yes, if that DEFAULT entry doesn't match - it will get ignored. If you want authentication to fail if such conditions are not met you need to add Auth-Type to it. If there is no Fall-Through to DEFAULT forcing ntlm_auth, Auth-Type won't be set and authentication will fail. Ivan Kalik