Deny Users AD on Freeradius + Wireless&VPN

Ivan Kalik tnt at kalik.net
Thu May 1 00:19:14 CEST 2008


Debug (radiusd -X output). You said AD integration - that should work as
mschap request with ntlm_auth.

Ivan Kalik
Kalik Informatika ISP


Dana 30/4/2008, "rmp dmd" <rmp.dmd1229 at gmail.com> piše:

>Thanks.
>
>I put it on users
>   aduser1  MS-CHAP-Use-NTLM-Auth := 0, Auth-Type := Reject
>restart radius: /etc/init.d/radiusd restart
>test but user aduser1 can still log to our VPN.
>
>On Wed, Apr 30, 2008 at 12:47 PM, Nicolas Goutte <
>nicolas.goutte at extragroup.de> wrote:
>
>>
>>  Am 30.04.2008 um 18:41 schrieb rmp dmd:
>>
>>  thanks for the reply.
>>
>> Just to confirm.
>>
>> I add that line also on ~/raddb/users?
>>
>> Sorry to not have mentioned.  I'm new on radius.
>>
>>
>> As far as I understand: yes.
>>
>> The line looks like an user entry.
>>
>> Have a nice day!
>>
>>
>>
>> Thanks again!
>> Roehl
>>
>> 2008/4/30 Ivan Kalik <tnt at kalik.net>:
>>
>> > To stop a valid AD account from being authenticated you need to avoid
>> > ntlm_auth:
>> >
>> > testuser   MS-CHAP-Use-NTLM-Auth := 0, Auth-Type := Reject
>> >
>> > Ivan Kalik
>> > Kalik Informatika ISP
>> >
>> >
>> > Dana 30/4/2008, "rmp dmd" <rmp.dmd1229 at gmail.com> pi�e:
>> >
>> > >Hi,
>> > >
>> > >We have a wireless network that uses freeRadius integrated with AD for
>> > >authentication.  There are some test user accounts on AD that I would
>> > like
>> > >to deny access on our Wireless and VPN.
>> > >
>> > >I have tried "How do I deny access to a specific user, or group of
>> > users" on
>> > >FAQ  but it is not working.  I'm guessing that this is not the correct
>> > >method.
>> > >
>> > >Please help me on how to set-up correctly.
>> > >
>> > >Thanks!
>> > >Roehl
>> > >
>> > >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>>  Nicolas Goutte
>>
>>
>> extragroup GmbH - Karlsruhe
>> Waldstr. 49
>> 76133 Karlsruhe
>> Germany
>>
>> Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
>> Registergericht: Amtsgericht Münster / HRB: 5624
>> Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>




More information about the Freeradius-Users mailing list