this shows in the log: modcall: group authenticate returns ok but there is never any ldap query to check the group.
i have this in my radiusd.conf:
groupname_attribute = cn
groupmembership_filter = "(|(&(objectClass=posixGroup)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
groupmembership_attribute = radiusGroupName
and this in users:
DEFAULT Ldap-Group != "dialup", Auth-Type := REJECT Reply-Message = "Sorry, you are not allowed to have dialup access"
If anyone has any suggestions or could post their config with this functionality working, I would appreciate it.
Thanks, -Ryan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html