g17jimmy wrote: > One question relating to this is about the /etc/raddb/users file- It doesn't > seem to work as it's documented,
Well... no. > If I have a group set to be rejected based > on its membership like this: > > DEFAULT Group="disabled", Auth-Type:=Reject > > radius doesn't even check for group membership. The only way it seems to get > directed to check membership is with a negative check (!=). See "man users". Use Group == ... The operators do different things. > DEFAULT LDAP-Group!="newgroup", Auth-Type:=Reject > > Regardless, I still can't figure out what filter would validate the user > "newuser" as a member of "newgroup"- LDAP-Group == "newgroup" Everyone else is using it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html