Hi, I have a security group in AD 'noremote' that I would like to deny VPN access. Reading the FAQ, I edit users to include DEFAULT Group == "noremote", Auth-Type := Reject Reply-Message = "Your account is not allowed." but this doesn't work. I also tried below which I based on my previous query to deny AD users (this is working) DEFAULT Group == "noremote", MS-CHAP-Use-NTLM-Auth := 0,Auth-Type := Reject Reply-Message = "Your account is not allowed." but still doesn't work. I'm not sure how the group should be used. So I also tested including the domain such as Group==DOMAIN\\noremote, Group==DOMAIN+noremote but still no success. Thanks in advance! Roehl
rmp dmd wrote:
I have a security group in AD 'noremote' that I would like to deny VPN access.
Reading the FAQ, I edit users to include
DEFAULT Group == "noremote", Auth-Type := Reject Reply-Message = "Your account is not allowed." but this doesn't work.
The "Group" attribute is for UNIX groups. i.e. /etc/group. If you want to check an LDAP group, use the LDAP-Group attribute. This isn't well documented... Alan DeKok.
participants (2)
-
Alan DeKok -
rmp dmd