rmp dmd wrote: > I have a security group in AD 'noremote' that I would like to deny VPN > access. > > Reading the FAQ, I edit users to include > > DEFAULT Group == "noremote", Auth-Type := Reject > Reply-Message = "Your account is not allowed." > but this doesn't work.
The "Group" attribute is for UNIX groups. i.e. /etc/group. If you want to check an LDAP group, use the LDAP-Group attribute. This isn't well documented... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
