<html><head></head><body style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br>I have working radius - AD authentication via winbind (MSCHAP challnge-response).<br>But I do not want to give all domain users ability to use VPN. I want to use special AD group.<br>I have considered LDAP authorization. I've read this manual<br>http://wiki.freeradius.org/Rlm_ldap<br>and configured correct ldap bind values but now I'm pretty much lost<br>How to tell freeradius, that after successful MSCHAP auth against AD it must browse AD via LDAP and check that te username belongs to specified group?<br>Any suggestions of documentation that will help, would be appriciated.<br><br>Andres Septer<br>
<span id="OLK_SRC_BODY_SECTION"><br><a href="http://navirec.com/"></a></span></body></html>