Old reply...

...but a Group is not a OU. My tests with using this option with an OU have not 
worked. Does anyone here know if samba/ntlm_auth can be configured to 
authenticate only users in a particular OU?

Roberto Ullfig - rull...@uic.edu
Systems Administrator
Enterprise Architecture and Development | ACCC
University of Illinois - Chicago

-----Original Message-----
From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On 
Behalf Of varti...@open.com.au
Sent: Thursday, May 05, 2016 3:29 AM
To: radia...@open.com.au
Subject: Re: [RADIATOR] NTLM/Samba Auth and OUs


On Wednesday, 4 May, 2016 18:05, "Ullfig, Roberto Alfredo" <rull...@uic.edu> 
> Can Radiator restrict access to an
> OU or can this be done in Samba?

ntlm_auth has an optional parameter --require-membership-of={SID|Name}
which could be used to restrict access only for members of certain group.

(ref: https://www.samba.org/samba/docs/man/manpages/ntlm_auth.1.html)

<AuthBy NTLM>
    NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 
--require-membership-of='WORKGROUP\Domain Users'

Tuure Vartiainen 

Radiator: the most portable, flexible and configurable RADIUS server anywhere. 
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, 
TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, 
RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, 
Windows, MacOSX, Solaris, VMS, NetWare etc.

radiator mailing list
radiator mailing list

Reply via email to