On Wed, February 15, 2006 1:15 pm, Alan DeKok wrote: > "Jay Lee" <[EMAIL PROTECTED]> wrote: >> My last task is to allow Wireless authentication only to >> members of a given LDAP Group. > ... i.e. to reject wireless for everyone else.
So the glass is half empty? :-) >> If I empty out /etc/raddb/users completely, authentication works. If I >> put the following in users: >> DEFAULT LDAP-Group == "Wireless", Auth-Type := Accept > Then people in the wireless group don't have their passwords checked. Yeah, guess that's not what I want, I thought the group check was taking place after the password check. >> DEFAULT Auth-Type := Reject > And everyone else gets rejected. >> However, the wireless client never quite seems to finish associating. >> Any >> ideas what I'm doing wrong here? What should the users file look like >> to allow anyone who is a member of the Wireless LDAP group and deny >> everyone else? > > DEFAULT LDAP-Group != "Wireless", Auth-Type := Reject > That rejects everyone who isn't in wireless. As for the wireless > people, their passwords should be checked using the normal process. You > shouldn't have to do anything special there. That works perfectly, thanks! Jay -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
