List: freeradius-users
Subject: RE: ldap huntgroups and groups
From: "alan walters" <alan () aillweecave ! ie>
Date: 2005-05-31 10:04:16
Message-ID: 4E5C0F1FE4FBC44092AEB9F268A802F30A6ACD () backbone ! aillweecave ! local
Continuing with huntgroups and groups. I followed the most recent instructions below.
The client uses the default group below.
I see the reply message come through in the request.
But the request gets access accept instead of access reject?????
>
> #########################################################################
> ### default ldap group does not succeed
> ##########################################################################
>
> DEFAULT Auth-Type := Reject
> Reply-Message = "sorry you are not allowed to dial in here"
>
The reply message should go on the second line on this one. Reply message is not a check item. Also, technically, you don't need Simultaneous User, since they are being rejected this session will never be added.

Your user was found in a group, however, it should have been rejected since you have fall-through = 1 (yes). It should have fallen through to the default reject line. Note: This is probably not what you want, because all users will be rejected when you fix the Reject line. I would change Fall-Through = no (0), to all your Ldap-Group entries above it.

Move the Reply-Message to the second line.

DEFAULT Auth-Type := Reject
        Reply-Message = "You cannot dial in here"
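
The following is an added example, not part of the original message or of FreeRADIUS itself: a simplified Python model of how the users file is walked, showing why Fall-Through = yes on the Ldap-Group entries sends every user to the DEFAULT reject while Fall-Through = no rejects only non-members. The group name "dialin", the Service-Type reply item and the function names are constructed for illustration.

```python
# Simplified model of "users" file processing: entries are tried top to
# bottom, and processing stops at the first match unless that entry's
# reply list carries Fall-Through = yes.

def authorize(user_groups, entries):
    """Return (auth_type, reply_items) after walking the entries in order."""
    auth_type = None   # None means: carry on to normal authentication
    reply = {}
    for entry in entries:
        group = entry.get("ldap_group")   # None models DEFAULT with no group check
        if group is not None and group not in user_groups:
            continue                      # check items failed, try the next entry
        if "auth_type" in entry:          # models the check item Auth-Type := Reject
            auth_type = entry["auth_type"]
        reply.update(entry.get("reply", {}))
        if not entry.get("fall_through", False):
            break                         # first match wins
    return auth_type, reply


# Models the final catch-all entry: check item on the first line,
# Reply-Message as a reply item on the second.
REJECT = {"auth_type": "Reject",
          "reply": {"Reply-Message": "You cannot dial in here"}}


def policy(fall_through):
    """One Ldap-Group entry (constructed group name) followed by the DEFAULT reject."""
    return [
        {"ldap_group": "dialin",
         "reply": {"Service-Type": "Framed-User"},
         "fall_through": fall_through},
        REJECT,
    ]


if __name__ == "__main__":
    # Group member, Fall-Through = yes: falls into the reject entry.
    print(authorize({"dialin"}, policy(True)))
    # Group member, Fall-Through = no: stops at the group entry.
    print(authorize({"dialin"}, policy(False)))
    # Non-member: only the DEFAULT reject matches.
    print(authorize({"staff"}, policy(False)))
```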