> DEFAULT Huntgroup-Name == VPN_Huntgroup, Auth-Type=ntlm_auth,
> Ldap-Group == "VPN_Users"
>
>
> It runs the LDAP group check, but still lets the user log in even
> when he's not in the VPN_Users group:
Use unlang for better control of what happens:
if(Huntrgroup-Name == "VPN_Huntgroup") {
if(Ldap-Group == "VPN_Users") {
if(!control:Auth-Type) {
update control {
Auth-Type = "ntlm_auth"
}
}
}
else {
reject
}
}
Ivan Kalik
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
