Re: Ldap Group Attribute radiusGroupName

Kostas Kalevras wrote:
> You 've got multiple instances of the ldap module and you 're using the
> wrong one to perform group checks. Use:
>
> DEFAULT <ldap_instance>-Ldap-Group == disabled, Auth-Type := Reject

Ok Things statring to be more interesting now. I've using the following
entry in users as below:



DEFAULT ocesbldap-Ldap-Group ==
"cn=disabled,ou=profiles,dc=ocesb,dc=com,dc=my,dc= .", Auth-Type := Reject
Reply-Message = "Sorry, you are not allowed to have dialup access"

=================OR==================

DEFAULT ocesbldap-Ldap-Group == disabled, User-Profile :=
"cn=disabled,ou=profiles,dc=ocesb,dc=com,dc=my,dc= .", Auth-Type := Reject
Reply-Message = "Sorry, you are not allowed to have dialup access"

Both of them are working however...

Seem to be they don't care what group the users is in and just by
default disable everybody.

Anyone have some hints for me...


After working on this Group, I'm thinking what is the real use of Group?
Define the default attribute/replyItem for certain services?

Regards,
Chan Min Wai

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html