> I'm having an issue with the group check (ldap_groupcmp). > > Everything is fine until the request is tunnelled, and I can't find out > why my user is rejected there.... > It seems that he ends in this section during this phase: > DEFAULT Ldap-Group == BANNED , Auth-Type := Reject > Reply-Message = "Account disabled. Please call the helpdesk." >
No. That didn't match. > Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not > found or user not a member See. > Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: > 0 > Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at > line 15 But something else did. What is on line 15 in users file? > Tell me if you need more debug output... We do. This doesn't show anything. Post the debug with whole inner tunnel exchange. > It was working perfectly before I introduced the group check using the > huntgroups. > Huntgroups? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html