2015-03-20 22:19 GMT+01:00 Alan DeKok <aland@deployingradius.com>:
If you don't have the time to *summarize* what you're doing, I don't have time to read the hundreds of lines of ldap dump you posted.
On Mar 20, 2015, at 5:05 PM, Ben Humpert <ben@an3k.de> wrote:
RADIUS should check if the users group has a radiusCalledStationId attribute matching the Called-Station-Id. If not it should check if the user itself has a matching attribute. If not, Access-Reject. In case a match is found and Called-Station-Ssid is set RADIUS should now check if the users group has a matching radiusCalledStationSsid attribute. If not it should check if the user itself has a matching attribute. If not, Access-Reject. In case a match is found RADIUS should finally check the users group for other attributes (eg. radiusTunnelType, etc.) and apply them as long as the user itself doesn't have these attributes set too. In that case the users attributes take precedence.