MSSCHAP auth + LDAP authorizaton
ndk.clanbo at gmail.com
Fri Apr 20 12:05:19 CEST 2012
Il 03/04/2012 11:05, Andres Septer ha scritto:
> I have working radius - AD authentication via winbind (MSCHAP challnge-response).
> But I do not want to give all domain users ability to use VPN. I want to use special AD group.
> Any suggestions of documentation that will help, would be appriciated.
>From "man ntlm_auth":
> Require that a user be a member of specified group (either name or
> SID) for authentication to succeed.
Just change your call to ntlm_auth accordingly. Should be faster if you
specify SID (one less 'internal lookup').
More information about the Freeradius-Users