Hello all, I am new to the list and new to Radius. Radius was set up prior to me. I am sure I will get a lot of help from here when the docs are not specific to my issue.

I am using Sun One DS 5.2 as my authentication source and freeradius-0.8-1 on RH Linux. I did not extend the schema to include the radius object class.

How can I properly deny certain users or groups from being able to dial in and establish PPP sessions?
I am a little confused after reading http://www.freeradius.org/radiusd/doc/rlm_ldap and http://www.freeradius.org/faq/#5.2.


This is my users file -
stxlib        Password == "******"
                Service-Type == Login-User,
                Login-IP-Host == hostname,
                Login-Service == Telnet,
                Login-TCP-Port == 23

DEFAULT         Auth-Type := LDAP, Prefix == "P", Strip-User-Name == Yes
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-IP-Address = 255.255.255.254,
                Framed-Routing = None,
                Framed-MTU = 1500,
                Session-Timeout := 14400,
                Idle-Timeout := 900,
                Fall-Through = Yes

and the portion of my radius.conf that I think is relevant -
modules {
    pam {
        # pam_auth = radiusd
        pam_auth = system-auth
    }
    ldap {
        server = "ahost"
        #port = 636
        port = 389
        # identity = "cn=admin,o=My Org,c=UA"
        # password = mypass
        basedn = "dc=uvi,dc=edu"
        filter = "(uid=%u)"
        # set this to 'yes' to use TLS encrypted connections
        # to the LDAP database.
        start_tls = no
        # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
        # profile_attribute = "radiusProfileDn"
        access_group = "cn=DialupUsers,ou=DialUsers,o=uvi.edu"
        #access_attr = "dialupAccess"
        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        #dictionary_mapping = ${raddbdir}/ldap.attrmap
        # ldap_cache_timeout = 120
        # ldap_cache_size = 0
        ldap_connections_number = 5
        # password_header = "{clear}"
        # password_attribute = userPassword
        # Next 2 lines uncommented 20 Mar 2003 -jrl
        groupname_attribute = cn
        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
        timeout = 4
        timelimit = 3
        net_timeout = 1
        # compare_check_items = yes
        # access_attr_used_for_allow = yes
    }
    # Livingston-style 'users' file
    #
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }
    detail {
        detailfile = ${radacctdir}/%{Framed-IP-Address}/detail
        detailperm = 0600
    }


Thanks for your help

Wesley Joyce

"If you can't explain it simply, then you don't know it well enough. - Unknown."

