Original poster | Posted on 2014-3-3 14:36:43
WARNING!!!

When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.

The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your distribution's default setting were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way:

setfacl -m u:radiusd:rx winbindd_privileged

Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!
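
To confirm that the grant above actually took effect, the following added example (not part of the original post) parses getfacl output and computes the effective rights of the radiusd entry after the ACL mask is applied; a later chmod on the directory can rewrite the mask and silently cancel the entry. The function names and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example. Usage against a real directory (its path is site-specific):
#   getfacl winbindd_privileged | has_rx radiusd && echo ok

# Print the effective rwx triple (named entry AND mask) for user $1,
# reading getfacl output on stdin. Exit 1 if there is no named entry.
acl_user_effective() {
    awk -v user="$1" '
        { sub(/[ \t]*#.*/, "") }   # drop "# file:" headers and "#effective:" notes
        /^mask::/ { mask = substr($0, 7, 3) }
        index($0, "user:" user ":") == 1 { perm = substr($0, length(user) + 7, 3) }
        END {
            if (perm == "") exit 1
            if (mask == "") mask = "rwx"
            for (i = 1; i <= 3; i++) {
                p = substr(perm, i, 1)
                out = out ((p != "-" && p == substr(mask, i, 1)) ? p : "-")
            }
            print out
        }'
}

# Succeed only if user $1 effectively holds both read and search (r and x).
has_rx() {
    eff=$(acl_user_effective "$1") || return 1
    case "$eff" in r?x) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: state right after `setfacl -m u:radiusd:rx`.
sample_ok() { cat <<'EOF'
# file: winbindd_privileged
user::rwx
user:radiusd:r-x
group::r-x
mask::r-x
other::---
EOF
}
# Constructed sample: same ACL after a chmod cleared the group bits (the mask).
sample_masked() { cat <<'EOF'
user::rwx
user:radiusd:r-x    #effective:---
group::r-x    #effective:---
mask::---
other::---
EOF
}
for s in sample_ok sample_masked; do
    if $s | has_rx radiusd; then echo "$s: r-x effective"; else echo "$s: r-x NOT effective"; fi
done
```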