separating Users?
tnt at kalik.net
Tue Dec 1 03:41:48 CET 2009
> What I think is my final problem. I'm now working to authenticate
> VPN users in the same scenario, using the l2tp client in
> windows. Looks like everything automatically picks up that it's a
> MSCHAP request.
>
> Using a similar logic:
> DEFAULT Huntgroup-Name == VPN_Huntgroup, Ldap-Group == "VPN_Users"
>
> The only problem is that it appears to ignore my LDAP group, and just
> authenticate ANY user (with a valid User ID/ Password) regardless of
> LDAP group.

Yes, if that DEFAULT entry doesn't match, it will get ignored. If you
want authentication to fail if such conditions are not met, you need to add
Auth-Type to it. If there is no Fall-Through to DEFAULT forcing ntlm_auth,
Auth-Type won't be set and authentication will fail.

Ivan Kalik
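
The behaviour discussed in this message, as an added users-file illustration that is not part of the original post or of the FreeRADIUS project's files. It uses an explicit reject entry, which is a different technique from adding Auth-Type to the matching entry as suggested above, and it assumes the files module tries entries top-down and stops at the first match, and that nothing later in the configuration overrides Auth-Type.

```text
# users file (constructed example; the huntgroup and LDAP group names are
# the ones quoted in the thread)

# Before: a single entry. A VPN user who is NOT in VPN_Users does not match,
# so the entry is skipped and the rest of the configuration decides. With
# valid credentials that user is still authenticated.
#DEFAULT Huntgroup-Name == "VPN_Huntgroup", Ldap-Group == "VPN_Users"

# After: two entries. Processing stops at the first matching entry unless
# that entry sets Fall-Through = Yes.

# 1. VPN request from a member of VPN_Users: matches here and stops.
#    Nothing is changed, so authentication proceeds as before.
DEFAULT Huntgroup-Name == "VPN_Huntgroup", Ldap-Group == "VPN_Users"

# 2. Any other request from the VPN huntgroup reaches this entry and is
#    rejected, whatever the password check would have returned.
DEFAULT Huntgroup-Name == "VPN_Huntgroup", Auth-Type := Reject
```

Running the server in debug mode (`radiusd -X`) shows which users-file entry matched for a given request, which confirms whether the group check is being evaluated.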