Wifi + Active Directory without ntlm
Alan DeKok
aland at deployingradius.com
Thu May 28 14:07:10 CEST 2020
> On May 28, 2020, at 7:41 AM, Клеусов Владимир Сергеевич via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> If /etc/freeradius/users
>
> DEFAULT Auth-Type := LDAP, LDAP-Group == «test_group"
> DEFAULT Ldap-Group != «test_group", Auth-Type := Reject
>
> Then all users get access regardless of their membership in this group. Why can this happen ?
Well, the debug output should tell you.
But this kind of thing is generally easier to do in an "unlang" policy, instead of the "users" file:
if (LDAP-Group == "test") {
update control {
Auth-Type := ldap
}
}
else {
reject
}
Alan DeKok.
More information about the Freeradius-Users
mailing list