Line 204 in my users file is the following:
DEFAULT Auth-Type := Reject
My MySQL databse also stores huntgroup information for the FreeRadius server. I want to reject authentication by default on all my nas devices unless the usergroup which the user belongs to is allowed to access that huntgroup.
I've basically followed this guide:
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
my radhuntgroup config:
+----+-----------+----------------+----------------+------------------+
| id | groupname | nasipaddress | nasportid | usergroup |
+----+-----------+----------------+----------------+------------------+
| 1 | admin | 192.168.1.1 | tty | engineeringadmin |
my radgroupcheck config:
+----+------------------+----------------+----+----------------+
| id | groupname | attribute | op | value |
+----+------------------+----------------+----+----------------+
| 5 | engineeringadmin | Huntgroup-Name | == | admin |
| 6 | engineeringadmin | Auth-Type | := | Accept |
Hi,
whats on line 204 or your users file? the reason why I ask is because......
> users: Matched entry DEFAULT at line 204
> ++[files] returns ok
see that? the system has been told that the Auth-Type is Accept.
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> rad_check_password: Found Auth-Type Accept
> rad_check_password: Auth-Type = Accept, accepting the user
> Login OK: [john.doe] (from client routerA port 1 cli 192.168.1.1)
the only place it picked that yup from is the users file.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html