Hi, I tried the suggestion and it didn't work, here are the involved radiusd.conf sections. You will also notice mschap and similars, that's because we also have dialup users who need an ldap lookup for their belonging to a dialup group and the password. I also need to check if chap still works with this configuration...
instantiate { exec ldap files expr } authorize { preprocess auth_log chap mschap suffix eap files pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } eap } And this is the users file line: [EMAIL PROTECTED] Cleartext-Password := "a", Ldap-Group == "wifi" I also used this one: [EMAIL PROTECTED] Ldap-Group == "wifi" with EAP-TLS. No way. Both first perform a user-existence check in the ldap_groupcmp() call. Meaning these both work if user exists in the LDAP tree. In the meanwhile I'm looking at the source code for this call... it sounds like this search is hardcoded somewhere. Forgive my suckage. T_T Bye, Inverse On 7/26/07, inverse <[EMAIL PROTECTED]> wrote: > > > > > > users file line: > > > [EMAIL PROTECTED] Auth-Type := EAP, User-Password == "a", Ldap-Group == > > > "wifi" > > > > Totally wrong. You want: > > > > [EMAIL PROTECTED] Cleartext-Password := "a", Ldap-Group == "wifi" > > > > Thanks, I owe you one > > > Bye, > Inverse. > -- "In a sea of glass shards, I hear you screaming" --icchan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html