inactive users can authenticate

Phil Mayers p.mayers at imperial.ac.uk
Wed Jun 26 21:14:49 CEST 2013


Couple of things:

IIRC the account control flags are checked by the "mschap" module, which I see is running before the LDAP lookup - try moving mschap after LDAP in "authorise"

Second, I can't remember if mschap checks the acct control flags in "authorize" or "authenticate". If the latter you'll need to move away from using LDAP bind for auth
-- 
Sent from my phone with, please excuse brevity and typos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130626/56439016/attachment.html>


More information about the Freeradius-Users mailing list