In the current two scenarios both return Access-Accept. But: 1. Not using group options if I enter the wrong password the result is Reject for any user in the LDAP database, and using the correct password the result is Accept for any group. 2. Using group options, result is Reject if does not belong to the group, but Accept to the users in the group even if they enter wrong password because is not Authenticating. What I need is get a result of Accept only if belongs to the group and enter the correct password. In a way I could say that I need to Authorize by Group and Authenticate by User. On Wed, Apr 22, 2015 at 12:30 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Apr 22, 2015, at 12:08 PM, Jose Torres-Berrocal < jetsystemservices@gmail.com> wrote:
Here is the Debug output differences with some context lines.
It's still difficult to see what's going on.
As I said on previous email, when using group options I can see on the debug that is not authenticating only authorizing, while not using group options is indeed authenticating. I can see that there is also something different about PAP.
Both debug outputs return Access-Accept.
What's the problem?
Be SPECIFIC. Don't just say "the output is different". Say I expected it to do X, and it did Y instead".
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html