
FreeRADIUS Active Directory Integration HOWTO

    Posted on 2014-3-3 14:35:34
    Reference material for setting up an authentication service that combines Active Directory with FreeRadius

    http://wiki.freeradius.org/guide ... y-Integration-HOWTO
    Original poster | Posted on 2014-3-3 14:36:43
    WARNING!!!

    When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.

    The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your distribution's default settings were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way:

    setfacl -m u:radiusd:rx winbindd_privileged

    Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!
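An added example (not part of the posts above or of the FreeRADIUS wiki): a shell check that reads `getfacl` output and reports whether the named-user entry created by the `setfacl` command is still effective once the ACL mask is applied. The two ACL listings are constructed samples, and the function names `effective_perms` and `has_rx` are hypothetical.

```shell
#!/bin/sh
# effective_perms USER: read getfacl output on stdin and print USER's
# named-user entry ANDed with the ACL mask, e.g. "r-x".
# Prints "---" when USER has no named entry.
effective_perms() {
    awk -v want="$1" -F: '
        /^#/ || NF < 3 { next }                   # header comments, blanks
        { sub(/[ \t]+#.*$/, "", $3) }             # drop "#effective:" note
        $1 == "user" && $2 == want { entry = $3 }
        $1 == "mask" && $2 == ""   { mask = $3 }
        END {
            if (entry == "") { print "---"; exit }
            if (mask == "") mask = "rwx"          # no mask: nothing masked
            out = ""
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1); m = substr(mask, i, 1)
                out = out ((e != "-" && m != "-") ? e : "-")
            }
            print out
        }'
}

# has_rx USER: succeed only if USER effectively has read and search access.
has_rx() {
    case "$(effective_perms "$1")" in
        r?x) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample: listing right after the setfacl command in the post.
ACL_OK='# file: winbindd_privileged
# owner: root
# group: root
user::rwx
user:radiusd:r-x
group::r-x
mask::r-x
other::---'

# Constructed sample: same entry, mask cleared (a chmod that drops the
# group bits does this), so the grant no longer has any effect.
ACL_MASKED='# file: winbindd_privileged
user::rwx
user:radiusd:r-x    #effective:---
group::r-x          #effective:---
mask::---
other::---'

printf '%s\n' "$ACL_OK"     | has_rx radiusd && echo "ok: radiusd has r-x"
printf '%s\n' "$ACL_MASKED" | has_rx radiusd || echo "masked: entry has no effect"
```

On a live system, pipe `getfacl winbindd_privileged` into `has_rx radiusd`. The check looks only at the named-user entry, not at access gained through group membership.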
