Hi, I have grouped my users in ldap using "groupofNames" objectclass.
now one group of users which I only want to allow to authenticate to the radius server has a dn of: dn: cn=radiususers,ou=groups,o=example,dc=com It has "member" attributes such as: member: uid=user2,ou=people,o=example,dc=com member: uid=user3,ou=people,o=example,dc=com member: uid=user4,ou=people,o=example,dc=com member: uid=user5,ou=people,o=example,dc=com In my radiusd.conf I have these lines: groupname_attribute = cn groupmembership_filter = "(|(&(objectClass=GroupOfNames) (member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames) (uniquemember=%{Ldap-UserDn})))" However, I'm not sure where to specify that only the member of the group "radiususer" is allowed to authenticate... Although I can simply add an dialupAccess attribute to each user I only want to allow, It is difficult because I have so many users... If only there's a way to just tell radius to only allow the member of this group.... Please help.. thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html