group search filter openLDAP
Phil Mayers
p.mayers at imperial.ac.uk
Sun Mar 25 13:46:33 CEST 2012
On 03/25/2012 12:09 PM, Fajar A. Nugraha wrote:
> On Sun, Mar 25, 2012 at 4:47 PM, dhanushka ranasinghe
> <parakrama1282 at gmail.com> wrote:
>> Hi..
>>
>> we changed Auth-Type := Accept to Auth-Type := PAP , then it starts to work
>
> You shouldn't need to do that. A cleaner way would be to read
> http://freeradius.org/radiusd/man/users.html , and probably just use
> something like this
>
> DEFAULT Ldap-Group != "cn=people,ou=users,dc=home,dc=com", Auth-Type := Reject
>
I don't think that works with LDAP, does it?
Maybe:
DEFAULT Ldap-Group == "cn=people,ou=users,dc=home,dc=com"
Fall-Through = No
DEFAULT Auth-Type := Reject
More information about the Freeradius-Users
mailing list