Original poster | Posted on 2014-3-3 14:36:43
WARNING!!!

When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.

The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your distribution's default setting were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way:

setfacl -m u:radiusd:rx winbindd_privileged

Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!
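
A way to confirm that the ACL grant above is still effective, added here as an example and not part of the original post: a named-user entry such as u:radiusd:rx is limited by the ACL mask, and a later chmod on the group bits can shrink that mask and silently remove the access. The function names and the sample getfacl output are constructed for illustration; on a real host, pipe `getfacl` of the winbindd_privileged directory into `acl_user_has_rx radiusd`.

```shell
#!/bin/sh
# Added example: read `getfacl` output on stdin and report whether a named
# user entry still yields effective r-x once the ACL mask is applied.
# Exit status: 0 = effective r-x, 1 = no usable entry, 2 = cut off by the mask.
# Group membership is not evaluated; only user entries are checked.

has_rx() { case $1 in r?x) return 0 ;; *) return 1 ;; esac; }

acl_user_has_rx() {
    acl_user=$1 acl_owner='' acl_owner_perm='' acl_entry='' acl_mask=''
    [ -n "$acl_user" ] || return 1
    while IFS= read -r acl_line; do
        case $acl_line in
            '# owner: '*)        acl_owner=${acl_line#'# owner: '} ;;
            'user::'*)           acl_owner_perm=${acl_line#user::} ;;
            "user:$acl_user:"*)  acl_entry=${acl_line#"user:$acl_user:"} ;;
            'mask::'*)           acl_mask=${acl_line#mask::} ;;
        esac
    done
    # The owner is governed by user:: and is never limited by the mask.
    if [ "$acl_owner" = "$acl_user" ]; then
        has_rx "$acl_owner_perm"; return
    fi
    [ -n "$acl_entry" ] || return 1
    # Drop a trailing "#effective:..." comment that getfacl may append.
    acl_entry=${acl_entry%%[!rwx-]*}
    has_rx "$acl_entry" || return 1
    # Named user entries are ANDed with the mask.
    if [ -n "$acl_mask" ]; then has_rx "${acl_mask%%[!rwx-]*}" || return 2; fi
    return 0
}

# Constructed getfacl output (not taken from a real host).
sample_acl_ok() {
    printf '# file: winbindd_privileged\n# owner: root\n# group: root\n'
    printf 'user::rwx\nuser:radiusd:r-x\ngroup::r-x\nmask::r-x\nother::---\n'
}
sample_acl_masked() {   # same ACL after the mask was cleared, e.g. by chmod g-rx
    printf '# file: winbindd_privileged\n# owner: root\n# group: root\n'
    printf 'user::rwx\nuser:radiusd:r-x\t#effective:---\n'
    printf 'group::r-x\t#effective:---\nmask::---\nother::---\n'
}

for s in sample_acl_ok sample_acl_masked; do
    rc=0; "$s" | acl_user_has_rx radiusd || rc=$?
    echo "$s: exit status $rc"
done
```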