> What I think is my final problem. I'm now working to authenticate
> VPN users in the same scenario, using the l2tp client in
> windows. Looks like everything automatically picks up that it's a
> MSCHAP request.
>
> Using a similar logic:
> DEFAULT Huntgroup-Name == VPN_Huntgroup, Ldap-Group == "VPN_Users"
>
> The only problem is that it appears to ignore my LDAP group, and just
> authenticate ANY user (with a valid User ID/ Password) regardless of
> LDAP group.

Yes, if that DEFAULT entry doesn't match - it will get ignored. If you want authentication to fail if such conditions are not met you need to add Auth-Type to it. If there is no Fall-Through to DEFAULT forcing ntlm_auth, Auth-Type won't be set and authentication will fail.

Ivan Kalik

