[Samba] radius auth to samba
Andrew Bartlett
abartlet at samba.org
Wed Jul 2 13:39:34 MDT 2014
On Tue, 2014-07-01 at 11:36 -0700, Bob Miller wrote:
> Hello,
>
> > > I want to use RADIUS authentication on a firewall and have Samba be the
> > > source for the user accounts. I am using a pfsense firewall. Any
> > > pointers would be greatly appreciated.
> >
> > It looks reasonable to me, but I suggest running radius, ntlm_auth and
> > winbindd on a member server, not on your DC.
>
> I installed radius server right on the DC and built my firewall to use
> radiusclient<=>ntlmauth. It doesn't get used a whole lot, but it has
> been very reliable for over 18 months.
>
> Andrew, is there any particular reason you recommend separating them, am
> I overlooking something I should be concerned about?

We like to encourage separation of roles, and the
--require-membership-of option doesn't work on the AD DC currently (to
be fixed for 4.2, when we swap to always using winbindd).

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba