inactive users can authenticate

Phil Mayers p.mayers at
Wed Jun 26 21:14:49 CEST 2013

Couple of things:

IIRC the account control flags are checked by the "mschap" module, which I see is running before the LDAP lookup - try moving mschap after LDAP in "authorise"

Second, I can't remember if mschap checks the acct control flags in "authorize" or "authenticate". If the latter you'll need to move away from using LDAP bind for auth
Sent from my phone with, please excuse brevity and typos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list