Checking for disabled ad account
Caines, Max
Max.Caines at wlv.ac.uk
Thu Oct 26 13:19:40 CEST 2017
You can use a bitwise filter in LDAP to test if an account is disabled. See https://support.microsoft.com/en-us/help/269181/how-to-query-active-directory-by-using-a-bitwise-filter
Regards
Max
-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+max.caines=wlv.ac.uk at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 25 October 2017 19:01
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Checking for disabled ad account
On Oct 25, 2017, at 1:19 PM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> I’ve configured EAP-TLS with ocsp validation in FR 3.0.16
> I’ve now been told that I need to also check that the username associated with the account hasn’t been disabled in our AD service.
>
> Same FR server also does EAP-PEAP auth against AD
>
> Any suggestions as to how I might do this ?
Configure the LDAP module, and do an LDAP query.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list