Hi, > (protest if this may sound like hijacking this thread...) > As short question since Tyler was asking for AD as backend - which I > have read (so far) > can't use the LDAP module since AD stores ntlm hashes - at least not > for authentication.
huh? this wasnt about authentication, it was about authorization - ie passing back details about what a user can do on some kit - that works fine 100% fine with LDAP and AD > But then for LDAP groups how is that supposed to be done when using > Samba/Winbind/ntlm_auth? ?? it isnt. ntlm_auth/samba/winbindd is purely for authentication - for authorization you use the LDAP module talking to your AD and use the AD as a DB oracle not an authentication source > Can I use LDAP groups for authorization (interestingly something I've > not really found covered online or in FreeRADIUS books I've had at > hand). its all covered in the books/docs/wiki alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
