I insert in my users file this configuration item:
DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == PEAP, Auth-Type := Reject
DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == TLS Fall-Through = No
DEFAULT Ldap-Group == "user", Huntgroup-Name == user Fall-Through = No
The fist DEFAULT should reject the request if the EAP-type is PEAP, while the second DEFAULT should accept only the request if the EAP is TLS .... i think :-))
but during the test i note that if i force wifi in PEAP, the request is reject from the second default, and not in the fist, this is the log:
Wed Jun 24 14:02:36 2009 : Debug: users: Matched entry DEFAULT at line 3 ( line 3 is the second DEFAULT )
the reject is because it dont is able to oepn tls
If i try in TLS the system accept the request....
The questions is....Why the Peap request dont match the fist DEFAULT ?
Because peap is treated as subsection of tls. Use listen section to direct requests from wi-fi huntgroup clients to one virtual server and user to another. Create two eap instances - one standard, and one without peap configured. Use the one with peap disabled in virtual server which processes wi-fi requests. Ivan Kalik Kalik Informatika ISP