Hello,
We're using freeradius to authenticate and authorize connections to a VPN concentrator. We're basically using freeradius to pass through queries to an LDAP server using the rlm_ldap module. It appears that we can set an access_attribute so that users without aren't authorized... however, we'd really like to do the reverse: all users are authorized by default unless they have an attribute set which rejects them. Is there any way to do this? Further, in the future we might want to channel other authentications through the same free radius server (for example, for a modem pool). We'd really like to have the modem pool check a different attribute in LDAP for authorization so that we can suppress access to one of the two without suppressing access to both. Is this possible? Many thanks, -Larry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
