Hi folks, Following the FAQ, I have added a line like this to my users file:
DEFAULT Group == eng, Auth-Type := Accept I do have "usegroup = yes" set in my radiusd.conf. Now, just below that, as the final entry, is this: DEFAULT Auth-Type := Accept Extreme-Security-Profile = "port100full LOGOFF-PROFILE=port100full;", Extreme-Netlogin-Vlan = guest So, we have both Extreme switches and terminal servers authenticating to our radius server. Prior to this attempt I've had individual user entries for the terminal servers, of the form: joeuser Auth-Type := Accept Service-Type = Administrative If I add the Service-Type line to my default group line, it breaks authentication and also slows it way down, taking about 20-30 seconds. With the "DEFAULT Group" line by itself, however, *all* users, including nonexistent ones, get accepted. This isn't ideal, obviously. I'm also concerned that my guest vlan logins may not be making it past that first default group entry. Any ideas how to make this work? --JB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html