separating Users?
freeradius at corwyn.net
freeradius at corwyn.net
Mon Nov 30 23:07:46 CET 2009
At 03:27 PM 11/30/2009, David Mitchell wrote:
>1) Don't specify the Auth-Type. You still want to check the password I
>assume. I think your config will let in any user who is in group
>"Group1" irrespective of the supplied password.
Sigh. Here I was all excited that I had everything working, and was
merrily working on my docs and making them into a HOWTO. And you're
right on target. Correct user ID any password permits access.
So here's my users file once I take that out:
DEFAULT Huntgroup-Name == Cisco_Huntgroup, Ldap-Group ==
"Infrastructure"
Service-Type:=NAS-Prompt-User,cisco-avpair:=shell:priv-lvl=15"
DEFAULT Auth-Type = ntlm_auth
And now it doesn't work.
"Authentication failed".
If I switch the order I get:
"Authorization failed"
More information about the Freeradius-Users
mailing list