denying access to user from device

Garrett.Marks at wichita.edu Garrett.Marks at wichita.edu
Thu Sep 14 21:33:35 CEST 2006


> Rob Shepherd wrote:
> TYPO!
> 
> DEFAULT HuntGroup-Name == ciscovpnc
>          Autz-Type := ldap
> 
> ...is how it looks in raddb/user.

You need to put the Autz-Type on the first line as a check item.

DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap

If I understand correctly, with the Autz-Type on the second line you are
trying to set it as a reply item.  However, Autz-Type is a server
configuration attribute, not a standard RADIUS attribute that a client
(NAS) would understand, which is why you need to set it on the first line.

I've been using a similar configuration for a while, except we use multiple
ldap modules and I also set Auth-Type as well as the Autz-Type.

> Oh, and I tried various combos of
> 
> Autz-Type ldap{
>    ldap
> }
> 
> in authorize{ too. No joy.

This looks fine to me, probably just need to fix the DEFAULT line.
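
A small lint check for the check-item versus reply-item point made in this reply, added here as an example; it is not part of the original message or of FreeRADIUS. It treats the first line of a users-file entry as check items and indented continuation lines as reply items, then reports server control attributes that ended up in the reply list. The function names and the CONTROL_ATTRS set are assumptions of this example; the two sample entries are the ones quoted in the thread.

```python
import re

# Assumption for this example: attributes the server consumes itself and that
# a NAS would not understand. Extend the set to match your own dictionary.
CONTROL_ATTRS = {"Auth-Type", "Autz-Type"}

# attribute, operator, value (quoted string or bare word up to a comma)
ITEM = re.compile(
    r'([A-Za-z][\w-]*)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=)\s*("[^"]*"|[^,\s]+)'
)

def parse_items(text):
    """Return [(attribute, operator, value), ...] from a comma-separated list."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(text)]

def parse_users(text):
    """Split users-file text into entries with separate check and reply lists."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # naive comment stripping
        if not line.strip():
            continue
        if line[0] in " \t":                   # indented line: reply items
            if entries:
                entries[-1]["reply"] += parse_items(line)
        else:                                  # first line: name + check items
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
            entries.append({"name": parts[0],
                            "check": parse_items(rest),
                            "reply": []})
    return entries

def misplaced_control_attrs(entries):
    """Return [(entry name, attribute)] for control attributes set as reply items."""
    return [(e["name"], attr)
            for e in entries
            for attr, _op, _val in e["reply"]
            if attr in CONTROL_ATTRS]

# The entry as first posted, and the corrected form from the reply.
BROKEN = "DEFAULT HuntGroup-Name == ciscovpnc\n         Autz-Type := ldap\n"
FIXED = "DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap\n"

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, misplaced_control_attrs(parse_users(text)))
```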