separating Users?

tnt at kalik.net
Tue Dec 1 03:41:48 CET 2009


> What I think is my final problem. I'm now working to authenticate
> VPN users in the same scenario, using the L2TP client in
> Windows. Looks like everything automatically picks up that it's a
> MSCHAP request.
>
> Using a similar logic:
> DEFAULT         Huntgroup-Name == VPN_Huntgroup, Ldap-Group == "VPN_Users"
>
> The only problem is that it appears to ignore my LDAP group, and just
> authenticate ANY user (with a valid User ID/ Password) regardless of
> LDAP group.

Yes, if that DEFAULT entry doesn't match - it will get ignored. If you
want authentication to fail if such conditions are not met, you need to add
Auth-Type to it. If there is no Fall-Through to DEFAULT forcing ntlm_auth,
Auth-Type won't be set and authentication will fail.

Ivan Kalik
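
The matching behaviour described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model of users-file entry matching, showing that a group-gated DEFAULT only restricts access when no later catch-all entry sets Auth-Type. Assumptions: the function and variable names are hypothetical, the catch-all entry and the sample requests are constructed, and no other module sets Auth-Type.

```python
# Simplified model of users-file matching (illustration only, not FreeRADIUS code).
# An entry is (check_items, control_items, fall_through).

def item_matches(request, attr, want):
    """Compare one check item; multi-valued attributes match on membership."""
    have = request.get(attr)
    if isinstance(have, (set, frozenset, list, tuple)):
        return want in have
    return have == want

def resolve_auth_type(entries, request):
    """Return the Auth-Type the entries would set, or None if none is set."""
    auth_type = None
    for checks, control, fall_through in entries:
        if not all(item_matches(request, a, w) for a, w in checks.items()):
            continue  # a non-matching entry is skipped; it does not reject
        auth_type = control.get("Auth-Type", auth_type)
        if not fall_through:
            break     # processing stops at a match unless Fall-Through is set
    return auth_type

def decide(entries, request):
    """Assumption from the reply: an unset Auth-Type means authentication fails."""
    auth_type = resolve_auth_type(entries, request)
    return "reject" if auth_type is None else "authenticate via " + auth_type

GATED = ({"Huntgroup-Name": "VPN_Huntgroup", "Ldap-Group": "VPN_Users"},
         {"Auth-Type": "ntlm_auth"}, False)
CATCH_ALL = ({}, {"Auth-Type": "ntlm_auth"}, False)  # constructed catch-all DEFAULT

GATED_ONLY = [GATED]                  # Auth-Type set only for group members
WITH_CATCH_ALL = [GATED, CATCH_ALL]   # non-members still reach the catch-all

# Constructed sample requests
member = {"Huntgroup-Name": "VPN_Huntgroup", "Ldap-Group": {"VPN_Users", "Staff"}}
outsider = {"Huntgroup-Name": "VPN_Huntgroup", "Ldap-Group": {"Staff"}}

if __name__ == "__main__":
    for label, entries in (("gated only", GATED_ONLY),
                           ("with catch-all", WITH_CATCH_ALL)):
        for who, req in (("member", member), ("outsider", outsider)):
            print(f"{label:15} {who:9} -> {decide(entries, req)}")
```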




More information about the Freeradius-Users mailing list