Efficient AD group matching via the new wbclient interface

Isaac Boukris iboukris at gmail.com
Sat Feb 10 16:22:56 CET 2018


Hello all,

I am working on improving AD group matching for mschap authentication,
taking advantage of the new wbclient direct interface which returns
the user's token (including group membership SIDs) as part of NTLM
authentication.

Work in progress:
https://github.com/frenche/freeradius-server/commit/9af7dfd634a251f68b07064603ccbbca308492bf

I'm now thinking about how to implement the caching of the group-name to SID
mapping with a configurable timeout, ideally using an existing interface -
ideas welcome.

@mcnewton, I noticed at last there is a similar group-compare function
in v4 branch, though I think the two actually can complete each other.

Thoughts?

Thank you,
Isaac B.
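
An added example, not part of the original post or the linked commit: a small group-name to SID cache with a timeout, matched against the SIDs carried in a user's token. The resolver callback, the struct and function names, and the sample SIDs are assumptions made for illustration; a real build would call the winbind lookup in place of the resolver.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <time.h>
enum { SLOTS = 16, MAXLEN = 96 };
/* Hypothetical resolver: stands in for a winbind name-to-SID lookup; 0 = ok. */
typedef int (*resolve_fn)(const char *group, char *sid, size_t len);
struct entry { char name[MAXLEN], sid[MAXLEN]; time_t expires; };
struct sid_cache { struct entry e[SLOTS]; time_t ttl; resolve_fn resolve; int lookups; };
/* Return the SID for a group, resolving only on a miss or after expiry.
 * Failed lookups are not cached, and an expired SID is never returned. */
static const char *cache_get_sid(struct sid_cache *c, const char *group, time_t now)
{
    struct entry *slot = c->e;
    char sid[MAXLEN];
    for (struct entry *e = c->e; e < c->e + SLOTS; e++) {
        if (e->name[0] && strcasecmp(e->name, group) == 0) {
            if (now < e->expires) return e->sid;   /* fresh hit */
            slot = e; break;                       /* expired: refresh in place */
        }
        if (e->expires < slot->expires) slot = e;  /* else reuse empty or oldest */
    }
    c->lookups++;
    if (strlen(group) >= MAXLEN || c->resolve(group, sid, sizeof(sid)) != 0) return NULL;
    snprintf(slot->name, MAXLEN, "%s", group);
    snprintf(slot->sid, MAXLEN, "%s", sid);
    slot->expires = now + c->ttl;
    return slot->sid;
}
/* 1 = group SID is in the user's token, 0 = not a member, -1 = name unresolved. */
static int user_in_group(struct sid_cache *c, const char *group,
                         const char **token_sids, size_t n, time_t now)
{
    const char *sid = cache_get_sid(c, group, now);
    for (size_t i = 0; sid && i < n; i++)
        if (strcmp(token_sids[i], sid) == 0) return 1;
    return sid ? 0 : -1;
}
/* Constructed directory with a made-up SID, for illustration only. */
static int sample_resolve(const char *group, char *sid, size_t len)
{
    if (strcasecmp(group, "EXAMPLE\\vpn-users") != 0) return -1;
    return snprintf(sid, len, "S-1-5-21-1111-2222-3333-1105") < 0;
}
int main(void)
{
    struct sid_cache c = { .ttl = 300, .resolve = sample_resolve };
    const char *token[] = { "S-1-5-21-1111-2222-3333-513", "S-1-5-21-1111-2222-3333-1105" };
    printf("member: %d\n", user_in_group(&c, "EXAMPLE\\vpn-users", token, 2, time(NULL)));
    return 0;
}
```

The timeout bounds how long a renamed or deleted group keeps matching its old SID, and callers should treat -1 as a failed match rather than as membership.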

