AD Authentication Permissions
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Sat Jan 5 13:29:01 CET 2013
Hi,
> (protest if this may sound like hijacking this thread...)
> As short question since Tyler was asking for AD as backend - which I
> have read (so far)
> can't use the LDAP module since AD stores ntlm hashes - at least not
> for authentication.
huh? this wasnt about authentication, it was about authorization - ie
passing back details about what a user can do on some kit - that works fine
100% fine with LDAP and AD
> But then for LDAP groups how is that supposed to be done when using
> Samba/Winbind/ntlm_auth?
?? it isnt. ntlm_auth/samba/winbindd is purely for authentication - for
authorization you use the LDAP module talking to your AD and use the AD
as a DB oracle not an authentication source
> Can I use LDAP groups for authorization (interestingly something I've
> not really found covered online or in FreeRADIUS books I've had at
> hand).
its all covered in the books/docs/wiki
alan
More information about the Freeradius-Users
mailing list