>In my users I have
>
>DEFAULT LDAP-Group == foo
>
>However, even with these configuration options set, anyone with a valid login
>and password can authenticate right now. In my "radiusd -X" I see:
>
>rlm_ldap: performing search in dc=blah, with filter (&(cn=foo)(memberUid=test))
>rlm_ldap: object not found or got ambiguous search result
>
>But it then goes on to authenticate the user anyhow:
>
>rlm_ldap: user test authorized to use remote access
>
>I looked around on Google, and I see -lots- of stuff about configuring LDAP
>group checks, but I haven't found anything that's all too helpful right now.
>Is there some option that I have to set to tell the system to ignore a user
>that's not in the proper group?

Add:

DEFAULT Auth-Type := Reject

at the end of the users file. If none of the groups match, the user will be
rejected even with the correct password.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html