AD, Groups, and LDAP (was Re: separating Users?)

freeradius at corwyn.net freeradius at corwyn.net
Fri Dec 4 16:44:45 CET 2009


At 04:33 AM 12/4/2009, Alan DeKok wrote:
>freeradius at corwyn.net wrote:
> > Note that the configuring of SAMBA, kerberos, and adding to the domain
> > should already be done as part of the default Linux install, see
> > h:\is\operating system\Linux\Guide_linux.doc
>
>   This file is... ?

Heh, part of our internal documentation structure. As long as I'm 
copy/pasting this from that, it's likely to stay in there.

> > Update max_requests to # users * 256
>   That isn't necessary.  It should be no more than "max request/s *
>max_request_time".

Well the docs say:
#  max_requests: The maximum number of requests which the server keeps
#  track of.  This should be 256 multiplied by the number of clients.
#  e.g. With 4 clients, this number should be 1024.

so I was just doing what this said.

> > Add to the end of the acct listen {..}  (to permit groups of clients)
> >         clients = disambiguate
>
>   I don't understand why this is necessary.  All it does is put the
>clients into a sub-section.  There's no additional value or capabilities
>in doing this.

I probably picked this up from one of the random docs while trying to 
puzzle things out that weren't clear. Since it helps show how to use 
a subsection, it's useful to me.

> > Since we're not using any of these methods for the Ciscos, in
> > authenticate{..} disable:   chap, mschap, suffix, ntdomain, unix, pap
> >
> > Add to the end of the authorize{..} section:
> > ntlm_auth
>
>   Or to the end of the "authenticate" section?

d'oh!  good catch (it's right in the appendix at least)


Thanks!

Rick




