inactive users can authenticate
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 26 21:14:49 CEST 2013
Couple of things:
IIRC the account control flags are checked by the "mschap" module, which I see is running before the LDAP lookup - try moving mschap after LDAP in "authorise"
Second, I can't remember if mschap checks the acct control flags in "authorize" or "authenticate". If the latter you'll need to move away from using LDAP bind for auth
--
Sent from my phone with, please excuse brevity and typos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130626/56439016/attachment.html>
More information about the Freeradius-Users
mailing list