Usuário do Sistema wrote: > how to deny access by group ? if user is member of the group it's able > login in otherwise the user is deny See the FAQ. Put this at the top of the "users" file: DEFAULT LDAP-Group != "allowed", Auth-Type := Reject Alan DeKok.