Hi, I tried the suggestion and it didn't work, here are the involved radiusd.conf sections. You will also notice mschap and similars, that's because we also have dialup users who need an ldap lookup for their belonging to a dialup group and the password. I also need to check if chap still works with this configuration... instantiate { exec ldap files expr } authorize { preprocess auth_log chap mschap suffix eap files pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } eap } And this is the users file line: john.doe@test.com Cleartext-Password := "a", Ldap-Group == "wifi" I also used this one: john.doe@test.com Ldap-Group == "wifi" with EAP-TLS. No way. Both first perform a user-existence check in the ldap_groupcmp() call. Meaning these both work if user exists in the LDAP tree. In the meanwhile I'm looking at the source code for this call... it sounds like this search is hardcoded somewhere. Forgive my suckage. T_T Bye, Inverse On 7/26/07, inverse <inverse@ngi.it> wrote:
users file line: john.doe@test.com Auth-Type := EAP, User-Password == "a", Ldap-Group == "wifi"
Totally wrong. You want:
john.doe@test.com Cleartext-Password := "a", Ldap-Group == "wifi"
Thanks, I owe you one
Bye, Inverse.
-- "In a sea of glass shards, I hear you screaming" --icchan