Posted on 2014-3-3 14:36:43
WARNING!!!

When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.

The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your distribution's default settings were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way:

setfacl -m u:radiusd:rx winbindd_privileged

Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!
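
An added example, not part of the original post: after running setfacl it is worth confirming that the named entry is actually effective, because the ACL mask can withhold rights the entry appears to grant. The function names and the sample getfacl listings below are constructed for illustration.

```shell
#!/bin/sh
# Sample ACL listings further down are constructed, not taken from a real host.

# effective_rx USER: read `getfacl` output on stdin.
# Exit 0 if USER's named entry grants r and x after the mask is applied,
# 1 if the entry or the mask withholds one of them, 2 if USER has no named entry.
effective_rx() {
    awk -F: -v u="$1" '
        /^#/ || NF < 3 { next }                  # skip header comments and blanks
        { perms = substr($3, 1, 3) }             # drop any "#effective:" suffix
        $1 == "user" && $2 == u { entry = perms }
        $1 == "mask"            { mask = perms }
        END {
            if (entry == "") exit 2
            if (mask == "") mask = "rwx"         # no mask line: nothing to subtract
            r = (substr(entry, 1, 1) == "r" && substr(mask, 1, 1) == "r")
            x = (substr(entry, 3, 1) == "x" && substr(mask, 3, 1) == "x")
            exit ((r && x) ? 0 : 1)
        }'
}

# other_closed: exit 0 only if the "other" class has no access at all.
other_closed() {
    awk -F: '$1 == "other" { found = 1; if (substr($3, 1, 3) != "---") bad = 1 }
             END { exit ((found && !bad) ? 0 : 1) }'
}

ACL_OK='# file: winbindd_privileged
user::rwx
user:radiusd:r-x
group::r-x
mask::r-x
other::---'

# Same entry, but a later chmod 700 has cleared the mask (constructed scenario).
ACL_MASKED='# file: winbindd_privileged
user::rwx
user:radiusd:r-x    #effective:---
group::---
mask::---
other::---'

for acl in "$ACL_OK" "$ACL_MASKED"; do
    printf '%s\n' "$acl" | effective_rx radiusd && echo "effective r-x" || echo "no effective r-x"
done
# Live use (path is a placeholder): getfacl /path/to/winbindd_privileged | effective_rx radiusd
```
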