On Thu, 11 Mar 2004, Albers Darren wrote: > Hello all, > > I am attempting to use FreeRadius to authenticate based on a group in active > directory. I have it performing authentication using LDAP against > Active-Directory fine, but I would like to restrict it based on group > membership. From what I can determine I should use the users file to enable > group authentication but I don't seem to have that done correctly. > > After reading the archives I read a great page: http://doris.name/radius/ > that I think explains how to do what I want to do but whenever I add the > following to users: > DEFAULT Ldap-Group == My_group, Auth-Type := reject > Reply-Message = "Account disabled. Please call the helpdesk." > > it doesn't seem to matter who logs in, as long as they have a valid Active > Directory account and the password is the correct they are allowed in. > After searching through the archives again I still am at a loss, I am > obviously missing something but I am not sure what. Can someone point me in > the right direction? > > Thank you! > > Darren >
How do you have the groupmembership part of ldap in radiusd.conf setup? Also, can you post an example radiusd -X output? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
