>I've googled this to no avail (have been working on it for about 4 hours >now). I'm running FreeRADIUS 1.1.0 (SuSE package) and OpenLDAP 2.3.19. I
Upgrade. This is much easier with unlang. >have an access point that will do captive portal, but only via RADIUS, >not via LDAP natively. I already have an LDAP server running, so I just >added a new groupOfNames called "WirelessUsers". > >Basically, *all* I want RADIUS to do is check the username and password, >and assuming they are correct, either allow or deny based on whether the >user is a member of "WirelessUsers". DEFAULT Ldap-Group == WirelessUsers DEFAULT Auth-Type := Reject That should work. Only members of WirelessUsers ldap group won't be rejected. Whatch the debug if something earlier in users file matches but hasn't got Fall-Through. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html