[RADIATOR] NTLM/Samba Auth and OUs

Ullfig, Roberto Alfredo rullfig at uic.edu
Wed Jan 4 18:21:58 UTC 2017

Old reply...

...but a Group is not a OU. My tests with using this option with an OU have not worked. Does anyone here know if samba/ntlm_auth can be configured to authenticate only users in a particular OU?

Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Architecture and Development | ACCC
University of Illinois - Chicago

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of vartiait at open.com.au
Sent: Thursday, May 05, 2016 3:29 AM
To: radiator at open.com.au
Subject: Re: [RADIATOR] NTLM/Samba Auth and OUs


On Wednesday, 4 May, 2016 18:05, "Ullfig, Roberto Alfredo" <rullfig at uic.edu> said:
> Can Radiator restrict access to an
> OU or can this be done in Samba?

ntlm_auth has an optional parameter --require-membership-of={SID|Name}
which could be used to restrict access only for members of certain group.

(ref: https://www.samba.org/samba/docs/man/manpages/ntlm_auth.1.html)

<AuthBy NTLM>
    NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of='WORKGROUP\Domain Users'

Tuure Vartiainen 

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

radiator mailing list
radiator at open.com.au

More information about the radiator mailing list