In my users I have
DEFAULT LDAP-Group == foo
However, even with these configuration options set, anyone with a valid login and password can authenticate right now. In my "radiusd -X" I see:
rlm_ldap: performing search in dc=blah, with filter (&(cn=foo)(memberUid=test)) rlm_ldap: object not found or got ambiguous search result
But it then goes on the authenticate the user anyhow:
rlm_ldap: user test authorized to use remote access
I looked around on Google, and I see -lots- of stuff about configuring LDAP group checks, but I haven't found anything that's all too helpful right now. Is there some option that I have to set to tell the system to ignore a user that's not in the proper group?
Add: DEFAULT Auth-Type := Reject at the end of the users file. If none of the groups match user will be rejected even with the correct password. Ivan Kalik Kalik Informatika ISP