RE: ldap huntgroups and groups

Continuing with huntgroups and groups. I followed the most recent
instructions below.
The client uses the default group below.
I see the reply message come through in the request
But the request gets access accept instead of access reject?????



>
>
################################################## ######################
> #
> ### default ldap group does not succeed
>
################################################## ######################
> ##
>
> DEFAULT Auth-Type := Reject
> Reply-Message = "sorry you are not allowed to dial in
here"
>

The reply message should go on the second line on this one. Reply
message
is not a check item. Also, technically, you don't need Simultaneous
User,
since they are being rejected this session will never be added.

Your user was found in a group, however, it should have been rejected
since you have fall-though = 1 (yes). It should have fallen through to
the default reject line. Note: This is probably not what you want,
because all users will be rejected when you fix the Reject line. I
would
change Fall-Through = no (0), to all your Ldap-Group entries above it.

Move the Reply-Message to the second line.

DEFAULT Auth-Type := Reject
Reply-Message = "You cannot dial in here"





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html