Enabling / disabling active directory users

Neil Prockter n.prockter at lse.ac.uk
Wed Jun 16 21:48:49 CEST 2010


On 16/06/10 14:18, Iain Grant wrote:
> We have on site a Windows 2008 RC2 domain controller ( 64-bit ) which I
> have a linux based freeradius server hanging from.
> 
> My question is, other than changing the users file on the freeradius
> server, is there another way of disabling a user from authentication
> through the radius server but still allow them access via the active
> directory route.
Have a group for users who may access via radius and use that in the
ldap module's groupmembership_filter.

(warning: treat my advice with caution I'm a novice here.)
> So for example, a user can log in quite happily on site using their
> windows machine.
> 
> If they go offsite and try authentication via the radius server they
> will not be allowed.
> 
> Does active directory have a flag or something that can be set against
> the user account to deny access via a radius link.
> 
> Thanks
> 
> Iain
> 
> 
> ______________________________________________________
> SCRI, Invergowrie, Dundee, DD2 5DA.
> The Scottish Crop Research Institute is a charitable company limited by
> guarantee.
> Registered in Scotland No: SC 29367.
> Recognised by the Inland Revenue as a Scottish Charity No: SC 006662.
> 
> 
> DISCLAIMER:
> 
> This email is from the Scottish Crop Research Institute, but the views
> expressed by the sender are not necessarily the views of SCRI and its
> subsidiaries. This email and any files transmitted with it are
> confidential to the intended recipient at the e-mail address to which it
> has been addressed. It may not be disclosed or used by any other than
> that addressee.
> If you are not the intended recipient you are requested to preserve this
> confidentiality and you must not use, disclose, copy, print or rely on
> this e-mail in any way. Please notify postmaster at scri.ac.uk quoting the
> name of the sender and delete the email from your system.
> 
> Although SCRI has taken reasonable precautions to ensure no viruses are
> present in this email, neither the Institute nor the sender accepts any
> responsibility for any viruses, and it is your responsibility to scan
> the email and the attachments (if any).
> ______________________________________________________
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/planningAndCorporatePolicy/legalandComplianceTeam/legal/disclaimer.htm



More information about the Freeradius-Users mailing list