Deny AD groups

To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Subject: Deny AD groups
From: "rmp dmd" <rmp.dmd1229@gmail.com>
Date: Thu, 1 May 2008 12:21:38 -0400
Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

Hi,

I have a security group in AD 'noremote' that I would like to deny VPN access.

Reading the FAQ, I edit users to include

DEFAULT Group == "noremote", Auth-Type := Reject
Reply-Message = "Your account is not allowed."

but this doesn't work.

I also tried below which I based on my previous query to deny AD users (this is working)

DEFAULT Group == "noremote", MS-CHAP-Use-NTLM-Auth := 0,Auth-Type := Reject
Reply-Message = "Your account is not allowed."

but still doesn't work.

I'm not sure how the group should be used. So I also tested including the domain such as

Group==DOMAIN\\noremote, Group==DOMAIN+noremote but still no success.

Thanks in advance!

Roehl

Follow-Ups:
- Re: Deny AD groups
  - From: Alan DeKok <aland@deployingradius.com>

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.