Alan DeKok aland at deployingradius.com
Fri Jun 5 14:23:12 CEST 2009

Dave Rummel wrote:
> In order for me to just grasp the concept, I have tried this in the
> users file, o=lookout is our complete list of all of our users
> DEFAULT Huntgroup-Name == CiscoAdmin, Ldap-Group == "o=lookout"
>      Fall-Through = no
> DEFAULT Auth-Type := Reject
> If I comment out the Reject, the user is able to authenticate to the
> Cisco Router, as soon as uncomment it out, I get rejected...here is the
> log file from it.

  Yes.  Because  the "users" file isn't the *only* source of
configuration in the server.  If you comment out the "Reject" line, the
previous line does almost nothing.

  I would suggest using "unlang" to write the policies.  It is a LOT
more straightforward than the "users" file, and it is well integrated
into the server.

> The line I am really trying to understand is this one, where is this
> line 11 ?
> *Thu Jun  4 16:15:52 2009 : Debug:  attr_filter: Matched entry DEFAULT
> at line 11

  See the configuration for the "attr_filter" module.

  Alan DeKok.

More information about the Freeradius-Users mailing list