On Wed, 20 Jul 2005 [EMAIL PROTECTED] wrote: > My fault...members of that group are DENIED access. Now I get. > > So, that leads me to another question. How do I change the syntax so that > users > are ALLOWED access if they are a member of the specified group? I tried > changing the line in the users file to Auth-Type := Allow, but this didn't > work. > Unfortunately, I can't find anything on this in rlm_ldap or FAQ. > > Thanks in advance, > > Josh
Just think backwards. DEFAULT Ldap-Group == "cn=remoteusers,o=services" DEFAULT Auth-Type := Reject Reply-Message = "Your account has been disabled" That will see if you match Ldap-Group, if not, you won't match that line in the users file so it will try the next line. The next line rejects everyone. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html