LDAP authorization

Matthew Ceroni matthewceroni at gmail.com
Thu Mar 7 01:55:42 CET 2013

I am using LDAP authorization. What I am looking to accomplish is to
reject/deny (so not even attempt authentication) for disabled users.

I am authentication against AD (use LDAP for authorize and ntlm for

If I were to search for all none disabled users using ldapsearch, the
filter query for this would
be: !(userAccountControl:1.2.840.113556.1.4.803:=2)

That is the part that limits the results to only enabled users. Wondering
how I would do this in FreeRadius? Even on a more general level how I would
reject based off certain returned attributes.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130306/b27c1e31/attachment.html>

More information about the Freeradius-Users mailing list