Univention Bugzilla – Bug 53265
"Allow network access" in MGT-Console not honoured when using auth-type ttls
Last modified: 2021-05-17 09:40:28 CEST
Setting ucr set freeradius/conf/auth-type/mschap=no ucr set freeradius/conf/auth-type/ttls=yes disables the possibility to disallow network access to users. Fix: --- /etc/univention/templates/files/etc/freeradius/3.0/mods-available/ldap-univention 2021-05-16 16:49:08.863039026 +0200 +++ /etc/univention/templates/files/etc/freeradius/3.0/mods-available/ldap 2021-05-17 09:33:18.882638005 +0200 @@ -229,7 +229,7 @@ # If this is undefined, anyone is authorised. # If it is defined, the contents of this attribute # determine whether or not the user is authorised -# access_attribute = 'dialupAccess' + access_attribute = 'univentionNetworkAccess' # Control whether the presence of 'access_attribute' # allows access, or denys access. @@ -253,7 +253,7 @@ # userAccessAllowed: false # # Will result in the user being locked out. -# access_positive = yes + access_positive = yes } #