AD group Auth
mcn at freeradius.org
Thu Aug 15 17:06:27 CEST 2019
On Thu, 2019-08-15 at 14:13 +0200, Alex Jordaan wrote:
> I configured the winbind and joined it to the AD domain
> I configured Freeradius to use mschap with ntlm_auth to authenticate
> the users from AD
> This worked fine.
> I am now trying to configure the system to only allow authentication
> if a user belongs to a specific group on AD

You might be able to use the rlm_unix module to compare the group, when
you're using winbind, but I wouldn't.

You've already been advised to use the ldap module. Your debug output
hasn't got either the unix or ldap modules in it.

Configure rlm_ldap, and use that. It's the best solution for AD groups.
Then you'll need to use "LDAP-Group" to compare instead of "Group".
LDAP instructions are all on the wiki.
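
The setup recommended in the reply above, sketched as an added example that is not part of the original post or the project's shipped configuration. It assumes the FreeRADIUS 3.x file layout; the server name, bind account, DNs, CA path and group name are placeholders.

```conf
# mods-available/ldap (symlink into mods-enabled/ to load it)
ldap {
    server   = 'dc01.example.org'                             # placeholder domain controller
    identity = 'cn=radius-bind,ou=Service,dc=example,dc=org'  # placeholder read-only bind account
    password = 'CHANGE_ME'                                    # placeholder
    base_dn  = 'dc=example,dc=org'                            # placeholder

    tls {
        start_tls    = yes                                # do not send the bind password in clear
        ca_file      = /etc/ssl/certs/example-ad-ca.pem   # placeholder CA bundle
        require_cert = 'demand'                           # fail if the DC certificate does not verify
    }

    user {
        base_dn = "${..base_dn}"
        # AD stores the logon name in sAMAccountName
        filter  = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    group {
        base_dn = "${..base_dn}"
        filter  = '(objectClass=group)'
        # Read group DNs from the user object instead of searching every group
        membership_attribute = 'memberOf'
    }
}

# sites-available/default
authorize {
    preprocess
    mschap
    ldap    # looks up the user object; does not authenticate

    # Reject before mschap/ntlm_auth runs unless the user is in the group.
    # "LDAP-Group" is evaluated by rlm_ldap; "Group" would go to rlm_unix.
    if (!(LDAP-Group == "cn=radius-users,ou=Groups,dc=example,dc=org")) {
        reject
    }
}
```

With `membership_attribute = 'memberOf'` only direct memberships are matched, so a user who is in the group through a nested group is rejected. Run the server in debug mode after the change and confirm the ldap module now appears in the output for the request.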