I've ported all my freeradius user files/info to mysql. I have a groups setup with a few users in each. However, when I attempt to login to the VPN freeradius debug shows the proxy to the SBR server. SBR returns an access-accept message and the user is logged into the VPN. Uh oh - the user I attempted to login with was not listed in radcheck or usergroup. What do I need to do to have freeradius reject the auth request (even if the proxied SBR reponse was access-accept) if the user isn't part of a 'VPN' group? --- Alan DeKok <aland@deployingradius.com> wrote:
Josh <josh2780@yahoo.com> wrote:
I'm actually running Funk (Juniper) Steel-Belted Radius on the windows box. I'm working out issues with the user profiles on that box... I was hoping to let freeradius take care of who had access to proxy (if possible).
"man rlm_passwd"
Put the users into a group, and for people not in the "VPN" group, disallow them access to the VPN.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com