Hello all, I am attempting to use FreeRadius to authenticate based on a group in active directory. I have it performing authentication using LDAP against Active-Directory fine, but I would like to restrict it based on group membership. From what I can determine I should use the users file to enable group authentication but I don't seem to have that done correctly.
After reading the archives I read a great page: http://doris.name/radius/ that I think explains how to do what I want to do but whenever I add the following to users: DEFAULT Ldap-Group == My_group, Auth-Type := reject Reply-Message = "Account disabled. Please call the helpdesk." it doesn't seem to matter who logs in, as long as they have a valid Active Directory account and the password is the correct they are allowed in. After searching through the archives again I still am at a loss, I am obviously missing something but I am not sure what. Can someone point me in the right direction? Thank you! Darren ********************************************************************** The information and any files contained in this e-mail message are property of WestPoint Stevens Inc., its subsidiaries or affiliates, and are intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you hereby are notified that use, dissemination, distribution or copying of this information is strictly prohibited. If you have received this communication in error, please immediately notify us by return e-mail and destroy the original message. Thank you. ********************************************************************** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html