Original poster | Posted on 2014-3-3 14:36:43
WARNING!!!

When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.

The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your distribution's default settings were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way:

setfacl -m u:radiusd:rx winbindd_privileged

Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!
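Added example, not part of the original post: after the setfacl call above, the rights radiusd actually gets are its named-user entry filtered by the ACL mask, so it is worth checking the result. This sketch parses getfacl output from stdin; the function names and both sample ACLs are constructed for illustration.

```shell
#!/bin/sh
# Usage on a live system: getfacl winbindd_privileged | effective_perms radiusd

# Print the effective rights of the named-user entry for $1 ("none" if absent).
effective_perms() {
    awk -F: -v user="$1" '
        /^#/ || NF < 3 { next }            # skip header comments and blank lines
        { sub(/[ \t]*#.*/, "", $3) }       # drop a trailing "#effective:..." note
        $1 == "user" && $2 == user { entry = $3 }
        $1 == "mask" && $2 == ""   { mask = $3 }
        END {
            if (entry == "") { print "none"; exit }
            if (mask == "") mask = "rwx"   # no mask entry: nothing is filtered
            out = ""
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1); m = substr(mask, i, 1)
                out = out ((e != "-" && m != "-") ? e : "-")
            }
            print out
        }'
}

# Succeed only if user $1 can both list (r) and traverse (x) the directory.
has_rx() {
    case "$(effective_perms "$1")" in r?x) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: ACL right after "setfacl -m u:radiusd:rx".
sample_ok() { cat <<'EOF'
# file: winbindd_privileged
# owner: root
# group: root
user::rwx
user:radiusd:r-x
group::r-x
mask::r-x
other::---
EOF
}

# Constructed sample: same entry, but the mask was narrowed afterwards
# (for example by a chmod of the group bits), so the entry grants nothing.
sample_masked() { cat <<'EOF'
user::rwx
user:radiusd:r-x    #effective:---
group::r-x          #effective:---
mask::---
other::---
EOF
}

sample_masked | has_rx radiusd || echo "radiusd lacks effective r-x (check the mask)"
```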