> I insert in my users file this configuration item: > > DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == PEAP, > Auth-Type := Reject > > DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == TLS > Fall-Through = No > > DEFAULT Ldap-Group == "user", Huntgroup-Name == user > Fall-Through = No > > > > The fist DEFAULT should reject the request if the EAP-type is PEAP, > while the second DEFAULT should accept only the request if the EAP is > TLS .... i think :-)) > > > but during the test i note that if i force wifi in PEAP, the request is > reject from the second default, and not in the fist, this is the log: > > Wed Jun 24 14:02:36 2009 : Debug: users: Matched entry DEFAULT at > line 3 ( line 3 is the second DEFAULT ) > > the reject is because it dont is able to oepn tls > > If i try in TLS the system accept the request.... > > The questions is....Why the Peap request dont match the fist DEFAULT ?
Because peap is treated as subsection of tls. Use listen section to direct requests from wi-fi huntgroup clients to one virtual server and user to another. Create two eap instances - one standard, and one without peap configured. Use the one with peap disabled in virtual server which processes wi-fi requests. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html