Univention Bugzilla – Bug 31587
Radius authentication ignores "Account deactivation"
Last modified: 2013-08-15 09:45:19 CEST
I have a user with Account deactivation: All disabled Locked login methods: Lock all login methods but im still able to login to the radius server with that user.
A sucessful authentication (e.g. login at the wireless accesspoint) should only be possible if the samba flags "locked" and "deactivated" are not set for that user. It has to be tested, if the S4 connector syncs these flags between AD and UCS LDAP.
(In reply to Sönke Schwardt-Krummrich from comment #1) > It has to be tested, if the S4 connector syncs these flags > between AD and UCS LDAP. The "D" flag is synced correctly.
(In reply to Sönke Schwardt-Krummrich from comment #1) > It has to be tested, if the S4 connector syncs these flags > between AD and UCS LDAP. The "L" flag is NOT synced.
(In reply to Janek Walkenhorst from comment #3) > (In reply to Sönke Schwardt-Krummrich from comment #1) > > It has to be tested, if the S4 connector syncs these flags > > between AD and UCS LDAP. > The "L" flag is NOT synced. → Bug #32010
\item The WLAN 802.1x integration (\ucsName{ucs-school-radius-802.1x}) now disallows access when an account is locked or disabled (\ucsBug{31587}). ucs-school-radius-802.1x (3.0.1-1) unstable; urgency=low * deny WLAN access for disabled/locked accounts (Bug #31587)
OK - ucs-school-radius-802.1x (account deactivation, locked login methods) OK - changelog
UCS@school 3.1 R2-1 has been released: http://download.univention.de/doc/release-notes-ucsschool-3.1-rev2-1.pdf If this error occurs again, please use "Clone This Bug".