Checking for disabled ad account

Alex Sharaz alex.sharaz at york.ac.uk
Thu Oct 26 15:40:46 CEST 2017


Cool!
Many thanks 
Alex


> On 26 Oct 2017, at 12:19, Caines, Max <Max.Caines at wlv.ac.uk> wrote:
> 
> You can use a bitwise filter in LDAP to test if an account is disabled. See https://support.microsoft.com/en-us/help/269181/how-to-query-active-directory-by-using-a-bitwise-filter
> 
> Regards
> 
> Max
> 
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-bounces+max.caines=wlv.ac.uk at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: 25 October 2017 19:01
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: Checking for disabled ad account 
> 
>> On Oct 25, 2017, at 1:19 PM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
>> I’ve configured EAP-TLS with ocsp validation in FR 3.0.16
>> I’ve now been told that I need to also check that the username associated with the account hasn’t been disabled in our AD service.
>> 
>> Same FR server also does EAP-PEAP auth against AD
>> 
>> Any suggestions as to how I might do this ?
> 
>  Configure the LDAP module, and do an LDAP query.
> 
>  Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
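
The bitwise filter suggested in this thread, worked through as an added example (not code from the thread or from FreeRADIUS): it builds an LDAP filter that matches a user only when the ACCOUNTDISABLE bit (0x2) of `userAccountControl` is clear, and escapes the username so a value taken from a certificate cannot alter the filter. The `sAMAccountName` lookup attribute, the function names and the sample directory values are assumptions made for illustration.

```python
# Added example: AD "account disabled" check expressed as an LDAP bitwise filter.
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # AD matching rule LDAP_MATCHING_RULE_BIT_AND
ACCOUNTDISABLE = 0x0002                  # userAccountControl flag for a disabled account

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so a username cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def enabled_user_filter(username: str, attr: str = "sAMAccountName") -> str:
    """Filter matching the user only when the ACCOUNTDISABLE bit is NOT set.
    The lookup attribute is an assumption; use whatever maps to your usernames."""
    return (f"(&({attr}={escape_filter_value(username)})"
            f"(!(userAccountControl:{BIT_AND_RULE}:={ACCOUNTDISABLE})))")

def is_disabled(user_account_control: int) -> bool:
    """Client-side equivalent of the bitwise AND match the directory performs."""
    return bool(user_account_control & ACCOUNTDISABLE)

def authorize(username: str, directory: dict) -> bool:
    """Mimic the lookup: reject unknown users and users with the bit set."""
    uac = directory.get(username.lower())
    return uac is not None and not is_disabled(uac)

# Constructed sample data: username -> userAccountControl value.
SAMPLE_DIRECTORY = {
    "alice": 512,      # NORMAL_ACCOUNT
    "bob": 514,        # NORMAL_ACCOUNT | ACCOUNTDISABLE
    "carol": 66048,    # NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD
    "dave": 66050,     # same as carol, plus ACCOUNTDISABLE
}

if __name__ == "__main__":
    print(enabled_user_filter("alice"))
    for name in ("alice", "bob", "carol", "dave", "mallory"):
        print(name, "accept" if authorize(name, SAMPLE_DIRECTORY) else "reject")
```

An exact comparison against 514 would miss accounts such as the constructed `dave` entry, which is why the check tests the single bit rather than the whole value.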


