Deny AD groups
rmp dmd
rmp.dmd1229 at gmail.com
Thu May 1 18:21:38 CEST 2008
Hi,
I have a security group in AD 'noremote' that I would like to deny VPN
access.
Reading the FAQ, I edit users to include
DEFAULT Group == "noremote", Auth-Type := Reject
Reply-Message = "Your account is not allowed."
but this doesn't work.
I also tried below which I based on my previous query to deny AD
users (this is working)
DEFAULT Group == "noremote", MS-CHAP-Use-NTLM-Auth := 0,Auth-Type :=
Reject
Reply-Message = "Your account is not allowed."
but still doesn't work.
I'm not sure how the group should be used. So I also tested including the
domain such as
Group==DOMAIN\\noremote, Group==DOMAIN+noremote but still no success.
Thanks in advance!
Roehl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080501/227fe0b4/attachment.html>
More information about the Freeradius-Users
mailing list