Migrating FR 3.0.19 from using WINBIND to LDAP for AD auth

WAGHORN, Jason (NHS BORDERS) j.waghorn1 at nhs.net
Mon Aug 19 08:29:55 CEST 2019

Hi Matthew

>How does changing the auth method alter who can get on?

If I use NTLM_AUTH/WINBIND - it's harder to restrict access to a particular AD Group ("valid user, valid credentials = accept" versus LDAP: "valid user, valid credentials, correct group entry = accept") - no?

Since I've read here over the past week or so everyone simply says "use LDAP" when the question of AD group restriction is posed - I got the impression that moving to LDAP would be the way to go...




This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.

For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail

More information about the Freeradius-Users mailing list