MSSCHAP auth + LDAP authorizaton

NdK ndk.clanbo at
Fri Apr 20 12:05:19 CEST 2012

Il 03/04/2012 11:05, Andres Septer ha scritto:

> I have working radius - AD authentication via winbind (MSCHAP challnge-response).
> But I do not want to give all domain users ability to use VPN. I want to use special AD group.
> Any suggestions of documentation that will help, would be appriciated.
>From "man ntlm_auth":
> --require-membership-of={SID|Name}
> Require that a user be a member of specified group (either name or
> SID) for authentication to succeed.

Just change your call to ntlm_auth accordingly. Should be faster if you
specify SID (one less 'internal lookup').


More information about the Freeradius-Users mailing list