Hello, I figure that other people might benefit from this too, so...
I was correct in my previous message. I added ldap to the authorize section of the inner tunnel, and did the group checking in the post-auth of the default server and everything worked wonderfully.

Dave

On 2012-07-30, at 1:28 PM, David Aldwinckle <[email protected]> wrote:

> Thanks for your response, Alan.
>
> I'll give that a shot.
>
> Is it correct to assume that the only additional thing I should need is to
> uncomment "ldap" in the authorize stanza of the inner-tunnel? I would imagine
> listing it after eap in the default server would have a large impact on
> performance.
>
> Dave
>
> On 2012-07-30, at 1:11 PM, Alan DeKok <[email protected]> wrote:
>
>> David Aldwinckle wrote:
>>> Is it possible to do LDAP group checking in post-auth of the default server
>>> even if the request is EAP?
>>
>> Yes.
>>
>> if (LDAP-Group == "banned") {
>>     reject
>> }

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

