Restricting Access by Group Membership
Dusty Doris
freeradius at mail.doris.cc
Wed Jul 20 22:07:34 CEST 2005
On Wed, 20 Jul 2005 jp at joshmp.com wrote:
> My fault...members of that group are DENIED access. Now I get it.
>
> So, that leads me to another question. How do I change the syntax so that users
> are ALLOWED access if they are a member of the specified group? I tried
> changing the line in the users file to Auth-Type := Allow, but this didn't work.
> Unfortunately, I can't find anything on this in rlm_ldap or FAQ.
>
> Thanks in advance,
>
> Josh
Just think backwards.

DEFAULT Ldap-Group == "cn=remoteusers,o=services"

DEFAULT Auth-Type := Reject
        Reply-Message = "Your account has been disabled"

That will see if you match Ldap-Group, if not, you won't match that line
in the users file so it will try the next line. The next line rejects
everyone.
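
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the first-match walk through the users file described above, showing why the group entry must come before the catch-all reject. The directory contents and user names are constructed, and Fall-Through is not modelled.

```python
# Simplified model: users-file entries are tried in order and processing
# stops at the first entry whose check items match. Illustration only.

ALLOWED_GROUP = "cn=remoteusers,o=services"  # group DN from the post

# Constructed stand-in for the LDAP directory: user -> group DNs
DIRECTORY = {
    "alice": {"cn=remoteusers,o=services"},
    "bob": {"cn=staff,o=services"},
    "carol": set(),
}

def ldap_group_is(group):
    """Check item 'Ldap-Group == group' (hypothetical helper)."""
    return lambda user: group in DIRECTORY.get(user, set())

def always(user):
    """A DEFAULT entry with no comparison check items matches everyone."""
    return True

# Each entry: (check, control items set on match, reply items)
ALLOW_LIST = [
    (ldap_group_is(ALLOWED_GROUP), {}, {}),
    (always, {"Auth-Type": "Reject"},
     {"Reply-Message": "Your account has been disabled"}),
]

# Same entries in the wrong order: the catch-all shadows the group entry.
REVERSED = list(reversed(ALLOW_LIST))

def evaluate(entries, user):
    """Return (index, control, reply) of the first matching entry."""
    for index, (check, control, reply) in enumerate(entries):
        if check(user):
            return index, control, reply
    return None, {}, {}

def decision(entries, user):
    """'reject' if the matched entry forces Auth-Type Reject; otherwise
    'continue', meaning normal authentication still has to succeed."""
    _, control, reply = evaluate(entries, user)
    if control.get("Auth-Type") == "Reject":
        return "reject", reply.get("Reply-Message")
    return "continue", None

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "unknown"):
        print(name, decision(ALLOW_LIST, name), decision(REVERSED, name))
```

Matching the group entry does not accept the user by itself; it only keeps the request away from the reject entry, so the password check still runs.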