need a little help with ldap groupings

Mark Jayson R. Alvarez jayson at
Wed May 3 10:38:44 CEST 2006


I have grouped my users in ldap using "groupofNames" objectclass.

now one group of users which I only want to allow to authenticate to the 
radius server has a dn of:

dn: cn=radiususers,ou=groups,o=example,dc=com

It has "member" attributes such as:

member: uid=user2,ou=people,o=example,dc=com
member: uid=user3,ou=people,o=example,dc=com
member: uid=user4,ou=people,o=example,dc=com
member: uid=user5,ou=people,o=example,dc=com

In my radiusd.conf I have these lines:

groupname_attribute = cn
groupmembership_filter = "(|(&(objectClass=GroupOfNames)

However, I'm not sure where to specify that only the member of the 
group "radiususer" is allowed to authenticate...
Although I can simply add an dialupAccess attribute to each user I only want 
to allow, It is difficult because I have so many users... If only there's a 
way to just tell radius to only allow the member of this group....

Please help..

More information about the Freeradius-Users mailing list