>DEFAULT Group == eng, Auth-Type := Accept > >I do have "usegroup = yes" set in my radiusd.conf. > >Now, just below that, as the final entry, is this: > >DEFAULT Auth-Type := Accept > Extreme-Security-Profile = "port100full >LOGOFF-PROFILE=port100full;", > Extreme-Netlogin-Vlan = guest > >So, we have both Extreme switches and terminal servers authenticating to >our radius server. Prior to this attempt I've had individual user >entries for the terminal servers, of the form: > >joeuser Auth-Type := Accept > Service-Type = Administrative >
That should be Administrative-User. >If I add the Service-Type line to my default group line, it breaks >authentication That's unlikely. It's authorization attribute - nothing to do with authentication. >and also slows it way down, taking about 20-30 seconds. > >With the "DEFAULT Group" line by itself, however, *all* users, including >nonexistent ones, get accepted. This isn't ideal, obviously. I'm also >concerned that my guest vlan logins may not be making it past that first >default group entry. > >Any ideas how to make this work? > Debug (radiusd -X). If a user is not the part of that group that DEFAULT line shouldn't match. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
