Arne Brutschy <[EMAIL PROTECTED]> wrote: > So I thought the request will be go through the authorize section, first > preprocessing the huntgroups, then selecting the DEFAULT entry in the > users file, adding Autz-Type as check-items and selecting the > appropriate Autz-Type based on that item.
Read doc/Autz-Type > I think it might have something to do with the eap-ttls module proxying > the request back to the localhost, now using the requestitems from > inside the tunnel. If the ldap section gets executed in any case (as in > the second auth section) it works just fine. When I'm using the first > auth section, I get a "no Auth-Type found for this request" error, > because no ldap section was processed. Did you see that DEFAULT entry in the "users" file match for the tunneled session? If not, it never set Autz-Type. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html