I have working radius - AD authentication via winbind (MSCHAP challnge-response). But I do not want to give all domain users ability to use VPN. I want to use special AD group. I have considered LDAP authorization. I've read this manual http://wiki.freeradius.org/Rlm_ldap and configured correct ldap bind values but now I'm pretty much lost How to tell freeradius, that after successful MSCHAP auth against AD it must browse AD via LDAP and check that te username belongs to specified group? Any suggestions of documentation that will help, would be appriciated.
Andres Septer
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html