On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> As you can see, the device wasn't listed in the file, the authentication
> went fine, saying that the tunnel that I should get has ID 40, but that
> wasn't overwritten by the authorized_macs check...


DEFAULT Auth-Type := Reject

to the bottom of your authorized_macs file.

You might as well move the mac address check up above eap in
the authorize section. There's no point going through all the eap
processing if you're just going to reject afterwards based on
something that could easily have been done first.



Matthew Newton, Ph.D. <m...@le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to