On 31/05/2019 16.31, Ullfig, Roberto Alfredo wrote:
It seems there's no way to get Samba/Radiator to filter logins by OU,
only by ADĀ Group?
ntlm_auth by itself seems to be limited to this (from their man page):
--require-membership-of={SID|Name}
Require that a user be a member of specified group (either name or
SID) for authentication to succeed.
What I'm not sure of if there's anything that can be added to samba's
configuration file, but this might be too inflexible, even if such
parameters exist.
Quite likely ntlm authentication followed by an AuthBy LDAP2, to lookup
user and authorise based on lookup results, would the most flexible way
of doing this.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
