AD group Auth
Matthew Newton
mcn at freeradius.org
Thu Aug 15 17:06:27 CEST 2019
On Thu, 2019-08-15 at 14:13 +0200, Alex Jordaan wrote:
> I configured the winbind and joined it to the AD domain
> I configured Freeradius to use mschap with ntlm_auth to authenticate
> the users from AD
>
> This worked fine.
>
> I am now trying to configure the system to only allow authentication
> if a user belongs to a specific group on AD

You might be able to use the rlm_unix module to compare the group, when
you're using winbind, but I wouldn't.

You've already been advised to use the ldap module. Your debug output
hasn't got either the unix or ldap modules in it.

Configure rlm_ldap, and use that. It's the best solution for AD groups.
Then you'll need to use "LDAP-Group" to compare instead of "Group".

LDAP instructions are all on the wiki.

--
Matthew
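
A sketch of the setup recommended above, added here as an example and not taken from the original message or the FreeRADIUS wiki. It assumes the FreeRADIUS 3.0.x file layout; the server name, bind account, DNs, CA path and group name are constructed placeholders. The existing mschap/ntlm_auth authentication stays as it is, and rlm_ldap is used only to look up group membership.

```conf
# Added example. All hosts, DNs, paths and the group name below are
# constructed placeholders; replace them with values from your own domain.

# mods-available/ldap (symlinked into mods-enabled/)
ldap {
    server   = 'ldaps://dc1.example.org'
    identity = 'CN=radius-svc,OU=Service Accounts,DC=example,DC=org'
    password = 'CHANGE_ME'
    base_dn  = 'DC=example,DC=org'

    user {
        base_dn = "${..base_dn}"
        # AD logon name; realm prefix/suffix stripped if present
        filter  = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    group {
        base_dn = "${..base_dn}"
        filter  = '(objectClass=group)'
        name_attribute = cn
        # AD lists a user's groups in memberOf on the user object
        membership_attribute = 'memberOf'
    }

    tls {
        # Verify the domain controller's certificate on the bind
        ca_file      = '/etc/ssl/certs/example-ad-ca.pem'
        require_cert = 'demand'
    }
}

# sites-available/default (and inner-tunnel, if PEAP is in use)
post-auth {
    # The user has already passed MS-CHAP via ntlm_auth at this point.
    # Reject unless the AD account is a member of the required group.
    if (!(LDAP-Group == "CN=Wifi-Users,OU=Groups,DC=example,DC=org")) {
        reject
    }
}
```

Running the server with `radiusd -X` should then show the ldap module performing the group lookup in the debug output.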