Freeradius Samba4 group restriction
Matthew Newton
mcn4 at leicester.ac.uk
Tue Feb 7 12:19:12 CET 2017
On Tue, Feb 07, 2017 at 08:50:02AM +0100, Dávid Erős wrote:
> Thank you for the link ,but I'd like to avoid using Ldap. Is there another
> way to get this done by winbind and rlm_unix?
rlm_ldap is still the best way at present.
There is new experimental code in the unsupported v3.1.x branch which
can check groups directly with winbind. If you want to give it a
spin, look at rlm_winbind. Make sure you only check groups in
post-auth after a successful authentication.
https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/winbind
But you're pretty much on your own if something breaks with 3.1.x.
I guess you could try using rlm_unix and Samba groups or something
like that, but configuring ldap would be a much cleaner solution.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list