MSCHAP - NTLM against groups
Alan DeKok
aland at deployingradius.com
Mon Oct 21 16:44:19 CEST 2019
On Oct 21, 2019, at 9:33 AM, Micha Ballmann <ballmann at uni-landau.de> wrote:
>
> Thank you very much for your fast answer.
>
> There is a prefix like "--require-membership-of="
>
> I disabled winbind directly auth, enabled ntlm_auth and added "--require-membership-of='DOMAIN\wlan".
>
> It works!
That's good.
> Is there any disadvantage to LDAP?
If you're doing one group check, "--require-membership-of=" is fine. If you're doing multiple group checks, it won't work. You'll have to use LDAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list