Ivan, Thank you so much! Perhaps you misunderstood my intention of saying "relevant portions" of the configs - this isn't *everything* in the config, just everything related to LDAP.
Regardless, I just removed all of what I'd added to users and added that construct to authorize{} in my default site, and it seems to be working perfectly. I had to change update control { Auth-Type := Accept } to "Fall-Through: yes" to get LDAP authentication to work, but other than that, perfect! Thanks, Jason Ivan Kalik wrote: >> I can't seem to find anything concrete online for freeradius1 relating to >> > groupOfNames, so I've just been trying random things that I found online > (for raddb/users) hoping one would work. > >> RELEVANT CONFIGS (only relevant portions, comments removed) >> > > >> raddb/sites-enabled/default: >> > > >> authorize { >> ldap >> } >> authenticate { >> Auth-Type LDAP { >> ldap >> } >> >> } >> > > And did you find that any part of documentation suggesting that you should > cripple the server and then wonder why it's not working? Or does it say: > "use default configuration and make only small changes"? Now, go back to the > default configuration, configure *only* ldap module, disable ldap > authentication (without the password in the request it can't work as it is > clearly stated in ldap module) set_auth_type = no. Add this unlang > statements to authorize: > > if(Ldap-Group == "WirelessUsers") { > update control { > Auth-Type := Accept > } > } > else { > reject > } > > Ivan Kalik > Kalik Informatika ISP > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html