On 08/06/2019 0.22, Schwarz, S. (ICT) wrote:
> The “wireless-lumc” AD group, in this example, contains all user
> accounts that are able to authenticate (about 14500 accounts)
> I wanted to phase out some AD groups in favor of a single AD group, but
> at this time that’s not an option due to the large business impact if
> our entire wireless goes down at random.
> Is there a known limit of members that an AD group may have (from a
> Radiator perspective)?
This should not be a limit for Radiator. The Win32::NetAdmin functions
Radiator calls get the list of groups for a user. Because it does not
query the list of users by group, I think the size of the group should not matter.
If you can do some debugging, see the end of Radius/AuthLSA.pm where the
group check is done.
If you could add a call to Win32::NetAdmin::GetError() and print the error,
possibly using Win32::FormatMessage($error), when the calls do not
return TRUE, then you might be able to get more information about why it
failed.
In other words, when it looks like the user is not in group, print the
possible error before returning false.
See here for more information:
https://metacpan.org/pod/Win32::NetAdmin
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
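The diagnostic suggested in the reply above, sketched as an added example that is not part of the original message and is not Radiator's own code: it reports the Win32::NetAdmin error before a group check returns false, so a failed lookup can be told apart from a user who is simply not in the group. Using GroupIsMember and LocalGroupIsMember as the checks is an assumption (the message does not name the calls made in AuthLSA.pm); `check_group`, the `$api` table and the sample controller, group and user values are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not Radiator code: report why a Win32::NetAdmin group check failed.
use strict;
use warnings;

# Run the membership checks. On a false result, fetch the module's last error
# and return it with the verdict, so the caller can log it before rejecting.
# $api is a hash of code refs so the real Win32 calls can be swapped for stubs.
sub check_group {
    my ($api, $dc, $group, $user) = @_;
    for my $name (qw(GroupIsMember LocalGroupIsMember)) {
        return (1, "$name: $user is in $group") if $api->{$name}->($dc, $group, $user);
    }
    my $error = $api->{GetError}->();
    my $text  = $error ? $api->{FormatMessage}->($error) : 'no error reported';
    $text =~ s/\s+\z//;    # FormatMessage text ends with CR/LF
    return (0, "$user not found in $group, error $error: $text");
}

my $api;
if ($^O eq 'MSWin32') {
    require Win32;
    require Win32::NetAdmin;
    $api = {
        GroupIsMember      => \&Win32::NetAdmin::GroupIsMember,
        LocalGroupIsMember => \&Win32::NetAdmin::LocalGroupIsMember,
        GetError           => \&Win32::NetAdmin::GetError,
        FormatMessage      => \&Win32::FormatMessage,
    };
} else {
    # Constructed stubs for other platforms: every lookup fails with error 5.
    $api = {
        GroupIsMember      => sub { 0 },
        LocalGroupIsMember => sub { 0 },
        GetError           => sub { 5 },
        FormatMessage      => sub { "Access is denied.\r\n" },
    };
}

# Constructed sample values; replace with a real domain controller, group and user.
my ($ok, $detail) = check_group($api, '\\\\DC01', 'wireless-lumc', 'jdoe');
print(($ok ? 'ACCEPT' : 'REJECT'), ": $detail\n");
```

The check still fails closed: the error text is only logged, and the user is rejected whenever no membership call returns true.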