Dave Rummel wrote:
In order for me to just grasp the concept, I have tried this in the users file, o=lookout is our complete list of all of our users
DEFAULT Huntgroup-Name == CiscoAdmin, Ldap-Group == "o=lookout" Fall-Through = no
DEFAULT Auth-Type := Reject
If I comment out the Reject, the user is able to authenticate to the Cisco Router, as soon as uncomment it out, I get rejected...here is the log file from it.
Yes. Because the "users" file isn't the *only* source of configuration in the server. If you comment out the "Reject" line, the previous line does almost nothing. I would suggest using "unlang" to write the policies. It is a LOT more straightforward than the "users" file, and it is well integrated into the server.
The line I am really trying to understand is this one, where is this line 11 ?
*Thu Jun 4 16:15:52 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11
See the configuration for the "attr_filter" module. Alan DeKok.