FreeRADIUS Active Directory Integration HOWTO
Reference material for setting up an authentication service that combines Active Directory with FreeRADIUS: http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
WARNING!!!
When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.
The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If the filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions in case your distribution's default setting is insufficient. If radiusd runs as the user radiusd, for example, then you should use setfacl the following way:
setfacl -m u:radiusd:rx winbindd_privileged
Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!
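To confirm the grant took effect, the following added example (not part of the original HOWTO) parses getfacl output and reports the effective permissions of the radiusd entry after the ACL mask is applied. The function names and the sample ACL listings, including the owner and group shown, are constructed for illustration.

```shell
#!/bin/sh
# Added example: compute the effective permissions of a named-user ACL entry
# from `getfacl` text on stdin. The ACL mask caps named-user entries, so
# "user:radiusd:r-x" alone does not prove radiusd can read the directory.

# Constructed sample: getfacl output after the setfacl command above.
SAMPLE_OK='# file: winbindd_privileged
# owner: root
# group: root
user::rwx
user:radiusd:r-x
group::r-x
mask::r-x
other::---'

# Constructed sample: same entry, but a later chmod g-rwx emptied the mask.
SAMPLE_MASKED='# file: winbindd_privileged
# owner: root
# group: root
user::rwx
user:radiusd:r-x   #effective:---
group::r-x         #effective:---
mask::---
other::---'

# effective_acl USER: print USER's entry ANDed with the mask, or "none".
effective_acl() {
    awk -v user="$1" -F: '
        /^#/ || NF < 3 { next }                # skip header and blank lines
        $1 == "user" && $2 == user { perm = substr($3, 1, 3); found = 1 }
        $1 == "mask" { mask = substr($3, 1, 3); have_mask = 1 }
        END {
            if (!found) { print "none"; exit }
            out = ""
            for (i = 1; i <= 3; i++) {
                p = substr(perm, i, 1)
                if (have_mask && substr(mask, i, 1) == "-") p = "-"
                out = out p
            }
            print out
        }'
}

# acl_allows_rx USER: succeed only if USER effectively has read and search.
acl_allows_rx() {
    case "$(effective_acl "$1")" in r?x) return 0 ;; *) return 1 ;; esac
}

printf '%s\n' "$SAMPLE_OK"     | effective_acl radiusd
printf '%s\n' "$SAMPLE_MASKED" | effective_acl radiusd
```

On a live system, pipe `getfacl winbindd_privileged` into `acl_allows_rx radiusd` from the directory's parent and check the exit status.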