Disabling users/hosts
Ramon Escriba
escriba at cells.es
Tue Oct 5 12:36:42 CEST 2010
Hi List,
It's a bit naive question, just to keep concepts clear.
I want to use the "dialupAccess" attribute to enable or disable one
user/host to login.
So if "dialupAccess : disabled", the user/host is rejected.
I've one ldap instance with:
#
# Group membership checking. Disabled by default.
#
groupname_attribute = dialupAccess
groupmembership_filter = "(objectClass=radiusProfile)(uid=%u)"
groupmembership_attribute = dialupAccess
In users:
############################################################################
######
## Disabled accounts in LDAP
############################################################################
######
DEFAULT Ldap-Group==disabled, Auth-Type := Reject
Reply-Message := "FAIL: Account disabled. Please call helpdesk.",
Fall-Through = no
############################################################################
######
Matchs the idea?, or should be done in a different way?
Thanks.
More information about the Freeradius-Users
mailing list