(RADIATOR) Support for Microsoft groups with AuthBy LSA

romanjoh at msnotes.wustl.edu
Wed Aug 2 08:25:44 CDT 2006


Here is a link that explains the three types of group:

http://technet2.microsoft.com/WindowsServer/en/library/79d93e46-ecab-4165-8001-7adc3c9f804e1033.mspx?mfr=true

The highlights:  "There are three group scopes: universal, global, and
domain local.

Members of universal groups can include other groups and accounts from any
domain in the domain tree or forest and can be assigned permissions in any
domain in the domain tree or forest.

Members of global groups can include other groups and accounts only from
the domain in which the group is defined and can be assigned permissions in
any domain in the forest.

Members of domain local groups can include other groups and accounts from
Windows Server 2003, Windows 2000, or Windows NT domains and can be
assigned permissions only within a domain."


Here is another link:
http://www.samspublishing.com/articles/article.asp?p=98126&seqNum=2&rl=1

Our need is to permit wireless access to members of a group.  The group is
in one domain (the forest root domain) and the users are in subdomains in
that forest.  This requires the use of universal groups rather than global
groups.  I have just exhausted my understanding of things Microsoft since I
come from the networking side, but if you have more questions let me know.
I do wonder what is the difference between global and universal groups that
they are treated differently in the system call below.

Many thanks,

john



                                                                           
Hugh Irvine <hugh at open.com.au>
08/02/2006 03:41 AM

To: romanjoh at msnotes.wustl.edu
cc: radiator at open.com.au
Subject: Re: (RADIATOR) Support for Microsoft groups with AuthBy LSA

Hello John -

At the moment Radiator only supports Global groups - but can you
point us to some description of Universal groups?

regards

Hugh


On 2 Aug 2006, at 02:42, romanjoh at msnotes.wustl.edu wrote:

> We are evaluating Radiator to replace another Radius server, and
> our need is to be able to authenticate users by Microsoft groups.
> Specifically, we need support for universal groups. Three types of
> Microsoft groups: Domain Local Groups, Global Groups, and Universal
> Groups.
>
> The documentation indicates in 5.51.7 that "Only Global groups are
> supported" for Groups in AuthBy LSA. The Perl code is:
> Win32::NetAdmin::GroupIsMember($controller, $group, $username) in
> AuthLSA.pm. I have not been able to tell from the ActiveState/
> Win32::NetAdmin documentation which types of groups are supported.
>
> Does this mean (as it appears) that Universal Groups are not
> supported? Does anyone have any experience or knowledge?
>
>
> John Roman
>
> jroman at wustl.edu
> Manager, Network Services
> Washington University
> Box 8132
> 660 S Euclid Avenue
> Saint Louis, MO 63110
> 314-362-7334



