Difan Zhao wrote: > So I want to make all rest devices to be authenticated. It will be even > better if I can assign them to a specific VLAN. I was reading > ./sites-avaliable/default and I found that "forcibly accept the user > (Auth-Type := Accept)". Where do I put it? I tried: > > post-auth { > Post-Auth-Type REJECT { > # attr_filter.access_reject > Auth-Type := Accept > } > }
It's too late to over-ride the reject at that point. And I doubt that this will prevent the icon from appearing on their desktop. The icon means that the *PC* believes it wasn't authenticated. The config above tells the *NAS* to allow them in, but does not convince the *PC* that it has been authenticated. There is no substitute for running the authentication protocol correctly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html