separating Users?
tnt at kalik.net
tnt at kalik.net
Tue Dec 1 19:03:38 CET 2009
> DEFAULT Huntgroup-Name == VPN_Huntgroup, Auth-Type=ntlm_auth,
> Ldap-Group == "VPN_Users"
>
>
> It runs the LDAP group check, but still lets the user log in even
> when he's not in the VPN_Users group:
Use unlang for better control of what happens:
if(Huntrgroup-Name == "VPN_Huntgroup") {
if(Ldap-Group == "VPN_Users") {
if(!control:Auth-Type) {
update control {
Auth-Type = "ntlm_auth"
}
}
}
else {
reject
}
}
Ivan Kalik
More information about the Freeradius-Users
mailing list