Active Directory authenticated VPN

Pisch Tamás pischta at gmail.com
Thu Apr 22 15:07:34 CEST 2021


Hello,

I would like to set up VPN on a Samba DC (Debian Bullseye). I could set it
up with ntlm_auth, but I read that ntlm_auth may serve about 30 request per
second maximum, and uses smbv1.
I would like to filter users by group or msNPAllowDialin AD property.
I can use:

winbind_username = "%{mschap:User-Name}"
winbind_domain = "%{mschap:NT-Domain}"

in mschap, but how I can filter users?

Regards,

Tamas.


More information about the Freeradius-Users mailing list