On Wed, February 15, 2006 1:15 pm, Alan DeKok wrote:
"Jay Lee" <jlee@pbu.edu> wrote:
My last task is to allow Wireless authentication only to members of a given LDAP Group. ... i.e. to reject wireless for everyone else.
So the glass is half empty? :-)
If I empty out /etc/raddb/users completely, authentication works. If I put the following in users: DEFAULT LDAP-Group == "Wireless", Auth-Type := Accept Then people in the wireless group don't have their passwords checked.
Yeah, guess that's not what I want, I thought the group check was taking place after the password check.
DEFAULT Auth-Type := Reject And everyone else gets rejected. However, the wireless client never quite seems to finish associating. Any ideas what I'm doing wrong here? What should the users file look like to allow anyone who is a member of the Wireless LDAP group and deny everyone else?
DEFAULT LDAP-Group != "Wireless", Auth-Type := Reject
That rejects everyone who isn't in wireless. As for the wireless people, their passwords should be checked using the normal process. You shouldn't have to do anything special there.
That works perfectly, thanks! Jay -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University --