separating Users?
freeradius at corwyn.net
freeradius at corwyn.net
Tue Dec 1 19:16:40 CET 2009
At 01:03 PM 12/1/2009, tnt at kalik.net wrote:
>Use unlang for better control of what happens:
>
>if(Huntrgroup-Name == "VPN_Huntgroup") {
> if(Ldap-Group == "VPN_Users") {
> if(!control:Auth-Type) {
> update control {
> Auth-Type = "ntlm_auth"
> }
> }
> }
> else {
> reject
> }
>}
If I understand correctly, I don't need to worry about ntlm_auth at
all in this case (because with MSCHAP I don't have a cleartext
password, and thus ntlm_auth won't do me any good), so I probably
don't need to update the Auth-Type?
So I think what I need is:
>if(Huntgroup-Name == "VPN_Huntgroup") {
> if(Ldap-Group == "VPN_Users") {
> }
> else {
> reject
> }
>}
woudl that unlang go into the ./users file? or into the
authorization {..} section?
>Ivan Kalik
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list