Global User Blacklist

David Aldwinckle daldwinc at
Mon Jul 30 19:28:02 CEST 2012

Thanks for your response, Alan.

I'll give that a shot.

Is it to correct to assume that the only additional thing I should need is to uncomment "ldap" in the authorize stanza of the inner-tunnel? I would imagine listing it after eap in the default server would have a large impact on performance.


On 2012-07-30, at 1:11 PM, Alan DeKok <aland at> wrote:

> David Aldwinckle wrote:
>> Is it possible to do LDAP group checking in post-auth of the default server even if the request is EAP?
>  Yes.
>  if (LDAP-Group == "banned") {
> 	reject
>  }
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list