<html><head><style type='text/css'>body { font-family: 'Times New Roman'; font-size: 12pt; color: #000000}</style></head><body>Frank,<br><br>Thank you - greatly appreciated. This made me realise that my thinking was foggy when I had defined group memberships. All working now.<br><br>Cheers,<br>David<br>----- Original Message -----<br>From: "Frank MR Ranner" <Frank.Ranner@defence.gov.au><br>To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org><br>Sent: Wednesday, 31 October 2007 10:20:36 AM (GMT+1000) Australia/Brisbane<br>Subject: RE: Configure authentication via LDAP Group membership issue [sec=unclassified]<br><br>...<br>_______________________________<br><br>The memberUid attribute in a posixgroup is supposed to hold the uid, not<br>the uidNumber. That would make your groupmembership_filter =<br>"(memberUid=%{User-Name})" or more robustly, <br>groupmembership_filter =<br>"(&(memberUid=%{Stripped-User-Name:-%{User-Name}})(objectClass=posixGrou<br>p))"<br><br>Regards,<br>Frank Ranner<br><br><br></body></html>