[EMAIL PROTECTED] wrote:
> Rob Shepherd wrote:
> TYPO!
>
> DEFAULT HuntGroup-Name == ciscovpnc
> Autz-Type := ldap
>
> ...is how it looks in raddb/user.
You need to put the Autz-Type on the first line as a check item.
DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap
Thanks to Alan D. and Garret M. for their comments..
However , neither ldap nor sql are checked at all in any case now. I've
not quite got it right....
I've since ditched declaring raddb/huntgroups, as a simplifying
exercise. I'm checking for NAS-IP-Address instead in raddb/users.
raddb/users now looks like this
DEFAULT Auth-Type := PAP
Fall-Through = yes
# wlan controller - needs LDAP and MySQL
DEFAULT NAS-IP-Address == 172.16.6.4, Autz-Type := LDMS
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Fall-Through = yes
# vpn concentrator - only LDAP
DEFAULT NAS-IP-Address == 10.1.33.4, Autz-Type := LDAP
Fall-Through = yes
radiusd has this..
authorize {
preprocess
eap
mschap
Autz-Type LDAP {
ldap
}
Autz-Type LDMS {
ldap
sql
}
}
The modules section is as it was when wireless was working. I can see
with -X that the ldap and sql modules are instantiated fine.
Here's the only processing that is done.
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
If anybody would be so kind as to point me in the right direction....
Thanks IA
Rob
--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 077988 72480
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
