Garrett.Marks@wichita.edu wrote:
Rob Shepherd wrote: TYPO!
DEFAULT HuntGroup-Name == ciscovpnc Autz-Type := ldap
...is how it looks in raddb/user.
You need to put the Autz-Type on the first line as a check item.
DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap
Thanks to Alan D. and Garret M. for their comments.. However , neither ldap nor sql are checked at all in any case now. I've not quite got it right.... I've since ditched declaring raddb/huntgroups, as a simplifying exercise. I'm checking for NAS-IP-Address instead in raddb/users. raddb/users now looks like this DEFAULT Auth-Type := PAP Fall-Through = yes # wlan controller - needs LDAP and MySQL DEFAULT NAS-IP-Address == 172.16.6.4, Autz-Type := LDMS Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Fall-Through = yes # vpn concentrator - only LDAP DEFAULT NAS-IP-Address == 10.1.33.4, Autz-Type := LDAP Fall-Through = yes radiusd has this.. authorize { preprocess eap mschap Autz-Type LDAP { ldap } Autz-Type LDMS { ldap sql } } The modules section is as it was when wireless was working. I can see with -X that the ldap and sql modules are instantiated fine. Here's the only processing that is done. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. If anybody would be so kind as to point me in the right direction.... Thanks IA Rob -- Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ rob@techniumcast.com | 01248 675024 | 077988 72480