13 Jul
2018
13 Jul
'18
7:19 a.m.
On Fri, 2018-07-13 at 11:26 +0100, Alex Sharaz via Freeradius-Users wrote:
This all works except for the fact I'm not checking for an enabled AD account. FR is configured to use winbindd. The TLS cert CN is of the form <userid>-<4digit hex number>@york.ac.uk
Is there any way of me checking for an enabled AD account? e.g. ntlm_auth using userid component of the CN and checking a status response ? or another way ?
Split the CN up with a regex to get the username, then do an LDAP lookup against AD to check to see if the account is enabled or not. -- Matthew