[RADIATOR] Linux Radiator - Samba/NTLM_auth and OUs?

Heikki Vatiainen hvn at open.com.au
Thu Jun 6 08:26:19 UTC 2019


On 31/05/2019 16.31, Ullfig, Roberto Alfredo wrote:
> It seems there's no way to get Samba/Radiator to filter logins by OU, 
> only by AD Group?

ntlm_auth by itself seems to be limited to this (from their man page):

--require-membership-of={SID|Name}

     Require that a user be a member of specified group (either name or SID) for authentication to succeed.

What I'm not sure of is if there's anything that can be added to Samba's 
configuration file, but this might be too inflexible, even if such 
parameters exist.

Quite likely ntlm authentication followed by an AuthBy LDAP2, to look up 
the user and authorise based on lookup results, would be the most flexible 
way of doing this.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
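
Added example (not part of the original message and not Radiator code): the "authorise based on lookup results" step from the reply above, sketched as an OU check on the DN that the LDAP lookup returns. The function names, the ALLOWED list and every DN are constructed; it assumes the lookup yields the user's distinguishedName.

```python
# Authorise by OU using the DN an LDAP lookup returned for the user.
# All names and DNs here are constructed sample values (assumptions).

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash escapes (RFC 4514)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).lstrip())
    return [r for r in rdns if r]

def normalise(rdn):
    """Case-insensitive comparison form of one RDN."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().casefold(), value.casefold())

def in_allowed_ou(user_dn, allowed_bases):
    """True if user_dn sits below one of allowed_bases.

    Compares whole RDNs from the right-hand end, so an OU name that merely
    appears somewhere in the DN (or inside an escaped CN) does not match.
    """
    user = [normalise(r) for r in split_dn(user_dn)]
    for base in allowed_bases:
        b = [normalise(r) for r in split_dn(base)]
        if b and len(user) > len(b) and user[-len(b):] == b:
            return True
    return False

ALLOWED = ["OU=Staff,DC=example,DC=com"]   # constructed policy

def authorise(lookup_dn):
    """Decision taken after NTLM succeeded; None means no LDAP entry found."""
    if lookup_dn is None:
        return "REJECT"
    return "ACCEPT" if in_allowed_ou(lookup_dn, ALLOWED) else "REJECT"

if __name__ == "__main__":
    for dn in ["CN=Alice,OU=Staff,DC=example,DC=com",
               "CN=Frank,OU=Staff,OU=Disabled,DC=example,DC=com", None]:
        print(dn, "->", authorise(dn))
```

The check fails closed: a user who passes NTLM but has no LDAP entry, or whose entry lies outside the allowed subtree, is rejected.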

