Thanks for your response, Alan. I'll give that a shot.
Is it to correct to assume that the only additional thing I should need is to uncomment "ldap" in the authorize stanza of the inner-tunnel? I would imagine listing it after eap in the default server would have a large impact on performance. Dave On 2012-07-30, at 1:11 PM, Alan DeKok <[email protected]> wrote: > David Aldwinckle wrote: >> Is it possible to do LDAP group checking in post-auth of the default server >> even if the request is EAP? > > Yes. > > if (LDAP-Group == "banned") { > reject > } > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
