Old reply... ...but a Group is not a OU. My tests with using this option with an OU have not worked. Does anyone here know if samba/ntlm_auth can be configured to authenticate only users in a particular OU?
--- Roberto Ullfig - [email protected] Systems Administrator Enterprise Architecture and Development | ACCC University of Illinois - Chicago -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Thursday, May 05, 2016 3:29 AM To: [email protected] Subject: Re: [RADIATOR] NTLM/Samba Auth and OUs Hello, On Wednesday, 4 May, 2016 18:05, "Ullfig, Roberto Alfredo" <[email protected]> said: > > Can Radiator restrict access to an > OU or can this be done in Samba? > ntlm_auth has an optional parameter --require-membership-of={SID|Name} which could be used to restrict access only for members of certain group. (ref: https://www.samba.org/samba/docs/man/manpages/ntlm_auth.1.html) <AuthBy NTLM> ... NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of='WORKGROUP\Domain Users' ... </AuthBy> BR -- Tuure Vartiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list [email protected] http://lists.open.com.au/mailman/listinfo/radiator
