Global User Blacklist
David Aldwinckle
daldwinc at uwaterloo.ca
Tue Jul 31 14:26:29 CEST 2012
Hello,
I figure that other people might benefit from this too, so...
I was correct in my previous message. I added ldap to the authorize section of the inner tunnel, and did the group checking in the post-auth of the default server and everything worked wonderfully.
Dave
On 2012-07-30, at 1:28 PM, David Aldwinckle <daldwinc at uwaterloo.ca> wrote:
> Thanks for your response, Alan.
>
> I'll give that a shot.
>
> Is it to correct to assume that the only additional thing I should need is to uncomment "ldap" in the authorize stanza of the inner-tunnel? I would imagine listing it after eap in the default server would have a large impact on performance.
>
> Dave
>
> On 2012-07-30, at 1:11 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
>> David Aldwinckle wrote:
>>> Is it possible to do LDAP group checking in post-auth of the default server even if the request is EAP?
>>
>> Yes.
>>
>> if (LDAP-Group == "banned") {
>> reject
>> }
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list