Hello, I figure that other people might benefit from this too, so... I was correct in my previous message. I added ldap to the authorize section of the inner tunnel, and did the group checking in the post-auth of the default server and everything worked wonderfully. Dave On 2012-07-30, at 1:28 PM, David Aldwinckle <daldwinc@uwaterloo.ca> wrote:
Thanks for your response, Alan.
I'll give that a shot.
Is it to correct to assume that the only additional thing I should need is to uncomment "ldap" in the authorize stanza of the inner-tunnel? I would imagine listing it after eap in the default server would have a large impact on performance.
Dave
On 2012-07-30, at 1:11 PM, Alan DeKok <aland@deployingradius.com> wrote:
David Aldwinckle wrote:
Is it possible to do LDAP group checking in post-auth of the default server even if the request is EAP?
Yes.
if (LDAP-Group == "banned") { reject } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html