Michael March wrote:
> I've been playing around with this all day and I'm stumped.

Please read the "man" page for the "users" file.

> Does anyone have a config for ANY version of FreeRadius that works
> with LDAP groups?

Yes.

>
> On Tue, Sep 8, 2009 at 11:17 PM, Michael March wrote:
>> The scoop is I'm using Freeradius 1.1.3 under RHEL/Centos 5.2 and I'm
>> trying to get authentication working so FreeRadius will authenticate a
>> user ONLY if they are in a certain LDAP group.. In this case that
>> group is called 'it'.

That's simple enough.

>> DEFAULT Auth-Type = LDAP
>>         Fall-Through = 1
>>
>> DEFAULT LDAP-Group == it
>>         Service-Type = Administrative-User

That configuration does NOT match your requirements. It:

a) sets authentication to LDAP
b) adds Service-Type... for users in the "it" LDAP group

It's really that simple. What you want is:

a) for users in "it" group, set LDAP authentication
b) reject everyone else

i.e. For (a), put the configuration in ONE entry in the "users" file.

DEFAULT LDAP-Group == "it", Auth-Type = LDAP
        # NO FALL-THROUGH

DEFAULT Auth-Type := Reject

Alan DeKok.
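
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of how the "users" file is walked top to bottom, run over the two configurations quoted above. It assumes only the operators shown in the thread ("==" as a group-membership test on LDAP-Group, "=" and ":=" as control assignments); the function names and the "sales" group are constructed for illustration.

```python
# Simplified model of "users" file evaluation (constructed for illustration).
FALL_THROUGH_ON = ("1", "Yes")

def evaluate(entries, user_groups):
    """Walk entries in order; return (control, reply) attribute dicts."""
    control, reply = {}, {}
    for entry in entries:
        assignments, matched = [], True
        for attr, op, value in entry["check"]:
            if op == "==":
                # Only LDAP-Group comparisons are modelled here.
                if attr != "LDAP-Group" or value not in user_groups:
                    matched = False
                    break
            else:
                assignments.append((attr, op, value))
        if not matched:
            continue  # entry skipped, nothing from it is applied
        for attr, op, value in assignments:
            # ":=" always overwrites; "=" sets only when not already present.
            if op == ":=" or attr not in control:
                control[attr] = value
        for attr, value in entry["reply"].items():
            if attr != "Fall-Through":
                reply[attr] = value
        if entry["reply"].get("Fall-Through") not in FALL_THROUGH_ON:
            break  # first match wins unless Fall-Through is set
    return control, reply

# Configuration from the question: LDAP auth for everyone, then a group reply.
ORIGINAL = [
    {"check": [("Auth-Type", "=", "LDAP")], "reply": {"Fall-Through": "1"}},
    {"check": [("LDAP-Group", "==", "it")],
     "reply": {"Service-Type": "Administrative-User"}},
]
# Configuration from the answer: group check and Auth-Type in ONE entry.
CORRECTED = [
    {"check": [("LDAP-Group", "==", "it"), ("Auth-Type", "=", "LDAP")],
     "reply": {}},
    {"check": [("Auth-Type", ":=", "Reject")], "reply": {}},
]

def auth_type(entries, user_groups):
    return evaluate(entries, user_groups)[0].get("Auth-Type")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for groups in ({"it"}, {"sales"}):
            print(name, sorted(groups), auth_type(cfg, groups))
```

With the original entries a user outside "it" still ends up with Auth-Type LDAP and only misses the Service-Type reply; with the corrected entries the same user reaches the final DEFAULT and is rejected.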