> DEFAULT Huntgroup-Name == VPN_Huntgroup, Auth-Type=ntlm_auth, > Ldap-Group == "VPN_Users" > > > It runs the LDAP group check, but still lets the user log in even > when he's not in the VPN_Users group:
Use unlang for better control of what happens: if(Huntrgroup-Name == "VPN_Huntgroup") { if(Ldap-Group == "VPN_Users") { if(!control:Auth-Type) { update control { Auth-Type = "ntlm_auth" } } } else { reject } } Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html