Christ Schlacta wrote:
> This morning around 7AM local time I blocked an offending user from the
> wifi network by adding their account to the disabled-users group in the
> ldap directory. Until 7PM, I got no entries in my log specifying Login
> incorrect for the offending host until approximately 7PM. The client
> was able to connect and continue to access the network successfully the
> entire time. I also effectively kicked the user at the access point
> after setting the account to disabled. For over 12 hours the user
> account was able to continue to connect unhindered.

Did the user *reconnect* during that time? Or did the user stay connected?

Setting a user to blocked simply stops them from connecting the *next* time that they connect. It doesn't kick them off of the network now.

If they continued to re-connect during that time, run the server in debug mode to see why. Odds are you made a mistake, and were returning Access-Accept.

If the server returns Access-Reject, the user *will not* be able to log in.

Alan DeKok.

