Greetings, I am running FreeRADIUS 2.1.8 on Ubuntu 8.04, attempting to use the ldap module. I only want to authenticate users in a certain group. These groups exist in LDAP as a "posixGroup" with a "memberUID" list. As I have it configured currently, I get an "Access-Accept" for any user in the directory. The ldap module is configured as such: ldap { server = "192.168.1.99" identity = "cn=admin,dc=corp,dc=example,dc=com" password = s3cret basedn = "dc=corp,dc=example,dc=com" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap edir_account_policy_check = no groupname_attribute = cn groupmembership_attribute = NOC groupmembership_filter = (&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}})) } I've also seen recomendations to add something like this to the users file: DEFAULT LDAP-Group == NOC Service-Type = Administrative-User Now I can see the service-type displayed when I do a radtest using the username/password of users in the "NOC" group, but I still see an "Access-Accept" for users who are not in the group. How can I make the server reject users that aren't in the NOC group? Any hints would be fantastic.