Paul Stepowski <[EMAIL PROTECTED]> wrote: > Is it possible to authenticate users against LDAP and also check if > the username exists in a local UNIX group.
Yes. But you really don't need to authenticate against LDAP. Configure the server to pull the cleartext password from LDAP, and the server will figure it out... > I tried to combine these two in various way, e.g. > > - ---snip--- > DEFAULT Group == "paul", Auth-Type = LDAP, > Fall-Through = No > - ---snip--- > > But I couldn't get this to work, probably because LDAP has no concept of a > "Group". Huh? No. That configuration will work IF the user is in a local Unix group. And PLEASE read the FAQ for questions like "it doesn't work". You're going out of your way to avoid giving information that may enable people to help you. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
