Old reply... ...but a Group is not a OU. My tests with using this option with an OU have not worked. Does anyone here know if samba/ntlm_auth can be configured to authenticate only users in a particular OU?
--- Roberto Ullfig - rull...@uic.edu Systems Administrator Enterprise Architecture and Development | ACCC University of Illinois - Chicago -----Original Message----- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of varti...@open.com.au Sent: Thursday, May 05, 2016 3:29 AM To: radia...@open.com.au Subject: Re: [RADIATOR] NTLM/Samba Auth and OUs Hello, On Wednesday, 4 May, 2016 18:05, "Ullfig, Roberto Alfredo" <rull...@uic.edu> said: > > Can Radiator restrict access to an > OU or can this be done in Samba? > ntlm_auth has an optional parameter --require-membership-of={SID|Name} which could be used to restrict access only for members of certain group. (ref: https://www.samba.org/samba/docs/man/manpages/ntlm_auth.1.html) <AuthBy NTLM> ... NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of='WORKGROUP\Domain Users' ... </AuthBy> BR -- Tuure Vartiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radia...@open.com.au http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list radiator@lists.open.com.au http://lists.open.com.au/mailman/listinfo/radiator