At 04:33 AM 12/4/2009, Alan DeKok wrote:
freeradius@corwyn.net wrote:
Note that the configuring of SAMBA, kerberos, and adding to the domain should already be done as part of the default Linux install, see h:\is\operating system\Linux\Guide_linux.doc
This file is... ?
Heh, part of our internal documentation structure. As long as I'm copy/pasting this from that, it's likely to stay in there.
Update max_requests to # users * 256 That isn't necessary. It should be no more than "max request/s * max_request_time".
Well the docs say: # max_requests: The maximum number of requests which the server keeps # track of. This should be 256 multiplied by the number of clients. # e.g. With 4 clients, this number should be 1024. so I was just doing what this said.
Add to the end of the acct listen {..} (to permit groups of clients) clients = disambiguate
I don't understand why this is necessary. All it does is put the clients into a sub-section. There's no additional value or capabilities in doing this.
I probably picked this up from one of the random docs while trying to puzzle things out that weren't clear. Since it helps show how to use a subsection, it's useful to me.
Since we're not using any of these methods for the Ciscos, in authenticate{..} disable: chap, mschap, suffix, ntdomain, unix, pap
Add to the end of the authorize{..} section: ntlm_auth
Or to the end of the "authenticate" section?
d'oh! good catch (it's right in the appendix at least) Thanks! Rick