MSCHAP - NTLM against groups

Alan DeKok aland at deployingradius.com
Mon Oct 21 16:44:19 CEST 2019


On Oct 21, 2019, at 9:33 AM, Micha Ballmann <ballmann at uni-landau.de> wrote:
> 
> Thank you very much for your fast answer.
> 
> There is a prefix like "--require-membership-of="
> 
> I disabled winbind directly auth, enabled ntlm_auth and added "--require-membership-of='DOMAIN\wlan".
> 
> It works!

  That's good.

> Is there any disadvantage to LDAP?

  If you're doing one group check,  "--require-membership-of=" is fine.  If you're doing multiple group checks, it won't work.  You'll have to use LDAP.

  Alan DeKok.




More information about the Freeradius-Users mailing list