Granting varied levels of NAS permission based on LDAP group membership
gaio at lilliput.linux.it
Sun Apr 24 15:30:24 UTC 2022
Mandi! Nick Porter
In chel di` si favelave...
> There is a caveat (down to Active Directory behaviour), the user's
> primary group is not returned with either technique, and equally, nested
> groups which the user's primary group is a member of will not be
> returned. That's just how Active Directory chooses to present group
> membership in LDAP queries.
...but consider that in AD the default policy is to add users to 'Domain
so if you keep 'Domain Users' as default group and user only other group for
membership ''filter'' (in loose sense), you are OK...
Errare è umano, ma per fare veramente casino
ci vuole la password di root (Zio Budda)
More information about the Freeradius-Users