Freeradius Samba4 group restriction
Brian Candler
b.candler at pobox.com
Tue Feb 7 15:02:20 CET 2017
On 07/02/2017 11:19, Matthew Newton wrote:
> On Tue, Feb 07, 2017 at 08:50:02AM +0100, Dávid Erős wrote:
>> Thank you for the link ,but I'd like to avoid using Ldap. Is there another
>> way to get this done by winbind and rlm_unix?
> rlm_ldap is still the best way at present.
>
> There is new experimental code in the unsupported v3.1.x branch which
> can check groups directly with winbind. If you want to give it a
> spin, look at rlm_winbind. Make sure you only check groups in
> post-auth after a successful authentication.
Aside: if you're doing any sort of policy checking in post-auth, what's
the official / supported way to change an Access-Accept into an
Access-Reject ?
Is it simply to invoke 'reject' from the 'always' module?
Thanks,
Brian.
More information about the Freeradius-Users
mailing list