Check out www.doris.cc/radius. It is my setup that I am using and does
what you would want. If you have any questions, post to the list and I'll
try to answer them as best as I can.
Dusty Doris
On Tue, 30 Dec 2003, Ryan Henry wrote:
> I have ldap auth working and would like to allow/disallow access based
> on the user being in a certian group.
>
> this shows in the log: modcall: group authenticate returns ok
> but there is never any ldap query to check the group.
>
> i have this in my radiusd.conf:
>
> groupname_attribute = cn
> groupmembership_filter =
> "(|(&(objectClass=posixGroup)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> groupmembership_attribute = radiusGroupName
>
> and this in users:
>
> DEFAULT Ldap-Group != "dialup", Auth-Type := REJECT
> Reply-Message = "Sorry, you are not allowed to have dialup access"
>
> If anyone has any suggestions or could post their config with this
> functionality working, I would appreciate it.
>
> Thanks,
> -Ryan
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
