Hi all ,
I am on the same problem ...and I wanna say one thing:
DEFAULT  LDAP-Group == "it", Auth-Type = LDAP ....doesn't work (as it mentioned in etc/radb/modules/ldap file ...That's all!!!
freeradiusServer  2.1.6


2009/9/10 Alan DeKok <aland@deployingradius.com>
Michael March wrote:
> I've been playing around with this all day and I'm stumped.

 Please read the "man" page for the "users" file.

> Does anyone have a config for ANY version of FreeRadius that works
> with LDAP groups?

 Yes.

>
> On Tue, Sep 8, 2009 at 11:17 PM, Michael March wrote:
>> The scoop is I'm using Freeradius 1.1.3 under RHEL/Centos 5.2 and I'm
>> trying to get authentication working so FreeRadius will authenticate a
>> user OLNY if they are in a certain LDAP group.. In this case that
>> group is called 'it'.

 That's simple enough.

>> DEFAULT Auth-Type = LDAP
>>         Fall-Through = 1
>>
>> DEFAULT LDAP-Group == it
>>         Service-Type = Administrative-User

 That configuration does NOT match your requirements.  It:

  a) sets authentication to LDAP
  b) adds Service-Type... for users in the "it" LDAP group

 It's really that simple.

 What you want is:

  a) for users in "it" group, set LDAP authentication
  b) reject everyone else

 i.e. For (a), put the configuration in ONE entry in the "users" file.

DEFAULT  LDAP-Group == "it", Auth-Type = LDAP
# NO FALL-THROUGH

DEFAULT Auth-Type := Reject

 Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
JJohnny R.
Phone: +212663682554, +212533158575
Tangier National School of Applied Sciences
ZIP 1818 TANGIER 90000
---------Morocco ---------------