Hi. Probly just me not understanding...
What I want is for our switches to only allow access to MAC addresses in our LDAP database. I don't want to store passwords on our LDAP host entries. I'm set up to check LDAP during authorisation, and it correctly returns authorised / not authorised depending on whether the appropriate attribute contains the right value. The trouble comes with authentication - either I set Auth-Type := Accept, in which case and failed authorisation is overridden, or I allow authentication to carry on against LDAP ( or System, or whatever ), in which case it fails always and access is denied, even for authorised MACs. Is there a way to make the Authorisation part final and authoritative? As I say, probly just being stoopid. Mart -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
