Thanks. I put it on users aduser1 MS-CHAP-Use-NTLM-Auth := 0, Auth-Type := Reject restart radius: /etc/init.d/radiusd restart test but user aduser1 can still log to our VPN. On Wed, Apr 30, 2008 at 12:47 PM, Nicolas Goutte < nicolas.goutte@extragroup.de> wrote:
Am 30.04.2008 um 18:41 schrieb rmp dmd:
thanks for the reply.
Just to confirm.
I add that line also on ~/raddb/users?
Sorry to not have mentioned. I'm new on radius.
As far as I understand: yes.
The line looks like an user entry.
Have a nice day!
Thanks again! Roehl
2008/4/30 Ivan Kalik <tnt@kalik.net>:
To stop a valid AD account from being authenticated you need to avoid ntlm_auth:
testuser MS-CHAP-Use-NTLM-Auth := 0, Auth-Type := Reject
Ivan Kalik Kalik Informatika ISP
Dana 30/4/2008, "rmp dmd" <rmp.dmd1229@gmail.com> piše:
Hi,
We have a wireless network that uses freeRadius integrated with AD for authentication. There are some test user accounts on AD that I would like to deny access on our Wireless and VPN.
I have tried "How do I deny access to a specific user, or group of users" on FAQ but it is not working. I'm guessing that this is not the correct method.
Please help me on how to set-up correctly.
Thanks! Roehl
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nicolas Goutte
extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html