> You can create normal groups in your ldap tree. Then you can do group searches > like this in your users file: > > DEFAULT Ldap-Group == "admins"
Done that, I get the following error when running "radiusd -s -xxx": Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: compat = "no" /usr/local/etc/raddb/users[178]: Parse error (check) for entry DEFAULT: Unknown attribute Ldap-Group Errors reading /usr/local/etc/raddb/users radiusd.conf[672]: files: Module instantiation failed. If I do this in the users file it never gets checked against the ldap attribute... Looking at the source, "ldap_groupcmp" should do the group checking and the "rlm_ldap: Entering ldap_groupcmp()" statement should appear when it hits the "Group" or "Ldap-Group". DEFAULT Group == "admins" Thanks, Adi - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html