Original poster | Posted on 2014-3-3 14:36:43
WARNING!!!

When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.

The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your distribution's default settings were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way:

setfacl -m u:radiusd:rx winbindd_privileged

Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!
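
Added example, not part of the original post: a named-user ACL entry such as u:radiusd:rx is limited by the ACL mask, and a later chmod that narrows the group bits narrows the mask with it, so the grant can stop working without the entry changing. The script below computes the effective rights of a named user from getfacl output; the function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# effective_perms USER: reads `getfacl` output on stdin and prints the rights
# USER really gets (named-user entry AND mask), e.g. "r-x".
# Prints "none" and returns 1 when USER has no named entry.
effective_perms() {
    awk -F: -v user="$1" '
        { sub(/[ \t]*#.*/, "") }            # drop header and "#effective:" comments
        $1 == "user" && $2 == user { entry = $3 }
        $1 == "mask" { mask = $3; have_mask = 1 }
        END {
            if (entry == "") { print "none"; exit 1 }
            if (!have_mask) mask = "rwx"    # no mask entry: nothing is filtered
            out = ""
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1); m = substr(mask, i, 1)
                out = out ((e != "-" && e == m) ? e : "-")
            }
            print out
        }'
}

# ntlm_auth_access_ok USER: succeeds only when USER effectively has exactly r-x,
# the rights granted by the setfacl command in the post.
ntlm_auth_access_ok() {
    [ "$(effective_perms "$1")" = "r-x" ]
}

# Constructed sample: getfacl output right after the setfacl command.
sample_ok() {
    printf '%s\n' '# file: winbindd_privileged' '# owner: root' '# group: root' \
        'user::rwx' 'user:radiusd:r-x' 'group::r-x' 'mask::r-x' 'other::---'
}

# Constructed sample: same directory after a chmod that cleared the group bits.
sample_masked() {
    printf '%s\n' '# file: winbindd_privileged' '# owner: root' '# group: root' \
        'user::rwx' 'user:radiusd:r-x   #effective:---' 'group::r-x   #effective:---' \
        'mask::---' 'other::---'
}

for s in sample_ok sample_masked; do
    printf '%s: radiusd effective=%s\n' "$s" "$($s | effective_perms radiusd)"
done
```

On a live system the input would come from `getfacl` run on the winbindd_privileged directory, piped into `ntlm_auth_access_ok radiusd`.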