Dear Freeradius users: I am trying to set up my authentication to allow only users with a particular value of a particular LDAP attribute to login. I am using freeradius 1.1.7 and I have the authentication going against Kerberos but I do not know how to have the radius server check the value of the attribute before allow access. If they are not in the group, it should send back the reject packet. Does anyone know how to perform a check item check against a particular LDAP attribute? Here is how I can set an attribute to the value and it works correctly: DEFAULT Auth-Type = Kerberos, NAS-IP-Address == 1.2.3.4, NAS-Port == 10 Connect-Info = "%{ldap:ldap:///dc=test,dc=com?testValue?sub?uid=%u}" Any suggestions would be appreciated. Regards, Ken Marshall