This worked great.. thanks!
On Thu, Sep 10, 2009 at 1:12 AM, Alan DeKok <al...@deployingradius.com> wrote:
> Michael March wrote:
>> I've been playing around with this all day and I'm stumped.
>
> Please read the "man" page for the "users" file.
>
>> Does anyone have a config for ANY version of FreeRadius that works
>> with LDAP groups?
>
> Yes.
>
>>
>> On Tue, Sep 8, 2009 at 11:17 PM, Michael March wrote:
>>> The scoop is I'm using Freeradius 1.1.3 under RHEL/Centos 5.2 and I'm
>>> trying to get authentication working so FreeRadius will authenticate a
>>> user ONLY if they are in a certain LDAP group.. In this case that
>>> group is called 'it'.
>
> That's simple enough.
>
>>> DEFAULT Auth-Type = LDAP
>>>     Fall-Through = 1
>>>
>>> DEFAULT LDAP-Group == it
>>>     Service-Type = Administrative-User
>
> That configuration does NOT match your requirements. It:
>
> a) sets authentication to LDAP
> b) adds Service-Type... for users in the "it" LDAP group
>
> It's really that simple.
>
> What you want is:
>
> a) for users in "it" group, set LDAP authentication
> b) reject everyone else
>
> i.e. For (a), put the configuration in ONE entry in the "users" file.
>
> DEFAULT LDAP-Group == "it", Auth-Type = LDAP
>     # NO FALL-THROUGH
>
> DEFAULT Auth-Type := Reject
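
The difference between the two configurations quoted above, as an added example that is not part of the original thread and is not FreeRADIUS code: a simplified Python model of top-to-bottom "users" file matching with Fall-Through. The dict layout, the `evaluate` and `auth_type` names, and the sample group "sales" are assumptions made for illustration.

```python
# Simplified model of "users" file processing (illustrative assumption, not
# FreeRADIUS code): entries are tried top to bottom; an entry whose check
# matches applies its items, and processing stops unless Fall-Through is set.

def evaluate(entries, ldap_groups):
    """Return (control, reply) dicts for a user in the given LDAP groups."""
    control, reply = {}, {}
    for entry in entries:
        group = entry.get("ldap_group")           # models: LDAP-Group == "..."
        if group is not None and group not in ldap_groups:
            continue                              # check failed, try next entry
        for attr, (op, value) in entry.get("control", {}).items():
            if op == ":=" or attr not in control: # ":=" overrides, "=" sets if unset
                control[attr] = value
        reply.update(entry.get("reply", {}))
        if not entry.get("fall_through", False):
            break                                 # no Fall-Through: stop here
    return control, reply

# The configuration from the original question.
ORIGINAL = [
    {"control": {"Auth-Type": ("=", "LDAP")}, "fall_through": True},
    {"ldap_group": "it", "reply": {"Service-Type": "Administrative-User"}},
]

# The configuration from the reply: one entry for the group, then reject.
CORRECTED = [
    {"ldap_group": "it", "control": {"Auth-Type": ("=", "LDAP")}},
    {"control": {"Auth-Type": (":=", "Reject")}},
]

def auth_type(entries, ldap_groups):
    """Auth-Type the model ends up with for a user in ldap_groups."""
    return evaluate(entries, ldap_groups)[0].get("Auth-Type")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for groups in ({"it"}, {"sales"}):        # constructed sample users
            print(name, sorted(groups), auth_type(cfg, groups))
```

In the model, the original configuration gives every user LDAP authentication and only adds a reply attribute for the group, while the corrected one rejects anyone outside "it".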