[Samba] Samba4 and Freeradius
Andrew Bartlett
abartlet at samba.org
Mon Oct 21 18:01:18 UTC 2019
On Mon, 2019-10-21 at 14:30 +0200, Marco Gaiarin via samba wrote:
> Mandi! Micha Ballmann via samba
> In chel di` si favelave...
>
> > How can i authenticate against this groups? Is there any directive
> > like
> > "winbind_group = "?
>
> I've looked at docs and code, and seems no.
>
> You can:
>
> a) use ntlm_auth, with option '--require-membership-of='; space
> containing groups are not supported, use SID
This is the most efficient way of doing it, as it uses the pre-
calculated group list provided by the SamLogon reply.
However it is also quite blunt, because there is no/little
distinguishing between logon failures and group membership failures.
Perhaps there is a way to do that with the winbind module? That is
more efficient in very high-load situations (no fork/exec overhead, re-
uses the same socket). If not, someone should add it.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list