Allowing Access based on Group Membership
Alan DeKok
aland at ox.org
Wed Feb 15 19:15:20 CET 2006
"Jay Lee" <jlee at pbu.edu> wrote:
> My last task is to allow Wireless authentication only to
> members of a given LDAP Group.
... i.e. to reject wireless for everyone else.
> If I empty out /etc/raddb/users completely, authentication works. If I
> put the following in users:
>
> DEFAULT LDAP-Group == "Wireless", Auth-Type := Accept
Then people in the wireless group don't have their passwords checked.
> DEFAULT Auth-Type := Reject
And everyone else gets rejected.
> However, the wireless client never quite seems to finish associating. Any
> ideas what I'm doing wrong here? What should the users file look like to
> allow anyone who is a member of the Wireless LDAP group and deny everyone
> else?
DEFAULT LDAP-Group != "Wireless", Auth-Type := Reject
That rejects everyone who isn't in wireless. As for the wireless
people, their passwords should be checked using the normal process.
You shouldn't have to do anything special there.
Alan DeKok.
More information about the Freeradius-Users
mailing list