On Mon, Oct 14, 2013 at 10:40:19AM +0100, Matthew Newton wrote: > On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote: > > As you can see, the device wasn't listed in the file, the authentication > > went fine, saying that the tunnel that I should get has ID 40, but that > > wasn't overwritten by the authorized_macs check... > > DEFAULT Auth-Type := Reject
I misread (and replied before I'd seen the other thread from your duplicate message...) - to set the vlan for any users that *don't* match other entries, then add this at the bottom: DEFAULT Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "999" To Reject, you can do it in authorize. To set the VLAN, as Alan said, post-auth is the better place. Use ":=" to force the values to be set. "=" will not change the values if already set by the inner tunnel, etc. Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html