[Samba] Samba4 and Freeradius

Andrew Bartlett abartlet at samba.org
Mon Oct 21 18:01:18 UTC 2019


On Mon, 2019-10-21 at 14:30 +0200, Marco Gaiarin via samba wrote:
> Mandi! Micha Ballmann via samba
>   In chel di` si favelave...
> 
> > How can i authenticate against this groups? Is there any directive
> > like
> > "winbind_group = "?
> 
> I've looked at docs and code, and seems no.
> 
> You can:
> 
> a) use ntlm_auth, with option '--require-membership-of='; space
>  containing groups are not supported, use SID

This is the most efficient way of doing it, as it uses the pre-
calculated group list provided by the SamLogon reply.

However it is also quite blunt, because there is no/little
distinguishing between logon failures and group membership failures. 

Perhaps there is a way to do that with the winbind module?  That is
more efficient in very high-load situations (no fork/exec overhead, re-
uses the same socket).  If not, someone should add it.

Andrew Bartlett
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba






More information about the samba mailing list