Deny AD groups
Alan DeKok
aland at deployingradius.com
Thu May 1 18:49:12 CEST 2008
rmp dmd wrote:
> I have a security group in AD 'noremote' that I would like to deny VPN
> access.
>
> Reading the FAQ, I edit users to include
>
> DEFAULT Group == "noremote", Auth-Type := Reject
> Reply-Message = "Your account is not allowed."
> but this doesn't work.
The "Group" attribute is for UNIX groups. i.e. /etc/group.
If you want to check an LDAP group, use the LDAP-Group attribute.
This isn't well documented...
Alan DeKok.
More information about the Freeradius-Users
mailing list