Could you five advise please?
UCS Radius server allows access for users even if “Allow network access” option is disabled.
root@ucs:~# univention-radius-check-access --username=TestUser
DEBUG: [user=TestUser; mac=None] Given username: "TestUser"
DEBUG: [user=TestUser; mac=None] Given stationId: "None"
DEBUG: [user=TestUser; mac=None] UCS@school RADIUS support is not installed
DEBUG: [user=TestUser; mac=None] Checking LDAP settings for user
DEBUG: [user=TestUser; mac=None] DENY 'uid=TestUser,cn=***,cn=users,dc=***,dc=***'
DEBUG: [user=TestUser; mac=None] -> DENY 'cn=Domain Admins,cn=groups,dc=***,dc=***'
DEBUG: [user=TestUser; mac=None] -> DENY 'cn=***,cn=***,cn=groups,dc=***,dc=***'
DEBUG: [user=TestUser; mac=None] -> DENY 'cn=Domain Users,cn=groups,dc=***,dc=***'
INFO: [user=TestUser; mac=None] Login attempt denied by LDAP settings
DEBUG: [user=TestUser; mac=None] User is not allowed to authenticate via RADIUS
DEBUG: [user=TestUser; mac=None] --- Thus access is DENIED.
root@ucs:~# radtest TestUser *** 127.0.0.1:1812 0 testing123
Sent Access-Request Id 203 from 0.0.0.0:59456 to 127.0.0.1:1812 length 85
User-Name = "TestUser"
User-Password = "***"
NAS-IP-Address = 10.0.0.192
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "***"
Received Access-Accept Id 203 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
root@ucs:~# ucr search version/version version/patchlevel version/errata
version/erratalevel: 168
version/patchlevel: 0
version/version: 4.4
We would like to control access to the radius for our user groups, but unfortunately we can’t do this right now.