Prevent login for valid but unauthorized users.

[D C]

I realize this is somewhat vendor specific, but was hoping there is a
general method to handle this in freeradius.

Currently using freeradius 2.1.12 with openldap 2.4.23.

- Login with my ldap credentials works.
- My admin users with appropriate attributes get privilege level 15.
- ALL valid users are able to log in and do at least some show commands.

I want to prevent login entirely by default for all of my ldap users.  What
is the best way to do this?

What may be complicating this, is that all the users have radiusProfile in
their ldap accounts which is needed for our vpn access.