Active Directory authenticated VPN

Pisch Tamás pischta at
Thu Apr 22 15:07:34 CEST 2021


I would like to set up VPN on a Samba DC (Debian Bullseye). I could set it
up with ntlm_auth, but I read that ntlm_auth may serve about 30 request per
second maximum, and uses smbv1.
I would like to filter users by group or msNPAllowDialin AD property.
I can use:

winbind_username = "%{mschap:User-Name}"
winbind_domain = "%{mschap:NT-Domain}"

in mschap, but how I can filter users?



More information about the Freeradius-Users mailing list