Dave Rummel wrote: > In order for me to just grasp the concept, I have tried this in the > users file, o=lookout is our complete list of all of our users > > DEFAULT Huntgroup-Name == CiscoAdmin, Ldap-Group == "o=lookout" > Fall-Through = no > > DEFAULT Auth-Type := Reject > > If I comment out the Reject, the user is able to authenticate to the > Cisco Router, as soon as uncomment it out, I get rejected...here is the > log file from it.
Yes. Because the "users" file isn't the *only* source of configuration in the server. If you comment out the "Reject" line, the previous line does almost nothing. I would suggest using "unlang" to write the policies. It is a LOT more straightforward than the "users" file, and it is well integrated into the server. > The line I am really trying to understand is this one, where is this > line 11 ? > > *Thu Jun 4 16:15:52 2009 : Debug: attr_filter: Matched entry DEFAULT > at line 11 See the configuration for the "attr_filter" module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html