1 May
2008
1 May
'08
12:49 p.m.
rmp dmd wrote:
I have a security group in AD 'noremote' that I would like to deny VPN access.
Reading the FAQ, I edit users to include
DEFAULT Group == "noremote", Auth-Type := Reject Reply-Message = "Your account is not allowed." but this doesn't work.
The "Group" attribute is for UNIX groups. i.e. /etc/group. If you want to check an LDAP group, use the LDAP-Group attribute. This isn't well documented... Alan DeKok.