On Thu, 17 Feb 2005, Chan Min Wai wrote:
Kostas Kalevras wrote:You 've got multiple instances of the ldap module and you 're using the wrong one to perform group checks. Use:
DEFAULT <ldap_instance>-Ldap-Group == disabled, Auth-Type := Reject
Ok Things statring to be more interesting now. I've using the following entry in users as below:
DEFAULT ocesbldap-Ldap-Group == "cn=disabled,ou=profiles,dc=ocesb,dc=com,dc=my,dc=.", Auth-Type := Reject Reply-Message = "Sorry, you are not allowed to have dialup access"
=================OR==================
DEFAULT ocesbldap-Ldap-Group == disabled, User-Profile := "cn=disabled,ou=profiles,dc=ocesb,dc=com,dc=my,dc=.", Auth-Type := Reject Reply-Message = "Sorry, you are not allowed to have dialup access"
Both of them are working however...
Seem to be they don't care what group the users is in and just by default disable everybody.
Anyone have some hints for me...
Run the server in debug mode to see what happens exactly.
After working on this Group, I'm thinking what is the real use of Group?
None really, apart from group checks like the above
Define the default attribute/replyItem for certain services?
That's what Default/REgular/User profiles are for.
Regards, Chan Min Wai
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html