查看: 2192|回复: 1

FreeRADIUS Active Directory Integration HOWTO

[复制链接]
  • TA的每日心情
    开心
    2016-5-12 14:23
  • 签到天数: 2 天

    [LV.1]初来乍到

    发表于 2014-3-3 14:35:34 | 显示全部楼层 |阅读模式
    設立Active Directory聯合FreeRadius驗證服務的叁考資料$ j3 P- q; x) ~0 X, [5 S3 n

    0 p$ V0 t7 E, S$ fhttp://wiki.freeradius.org/guide ... y-Integration-HOWTO' z2 j( Y5 [( O
    回复

    使用道具 举报

  • TA的每日心情
    开心
    2016-5-12 14:23
  • 签到天数: 2 天

    [LV.1]初来乍到

     楼主| 发表于 2014-3-3 14:36:43 | 显示全部楼层
    WARNING!!!
    0 Q4 ?6 A) a# c; S0 e; a0 T" w" m- J" F
    When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.' z& N" ^' B- \
    ( V+ w* s2 C6 d) r( J% v) r
    The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your disribution's default setting were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way
    $ l5 {5 ]2 ~, Q, q9 H- X- ~, A6 ?4 S- w
    setfacl -m u:radiusd:rx winbindd_privileged. b. v+ j% m% J. I# a% W
    , n5 ~9 ]( q' I' R: z: \% r1 f
    Or something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!3 Z9 X1 ^  M# Z  X
    回复 支持 反对

    使用道具 举报

    您需要登录后才可以回帖 登录 | 立即注册

    本版积分规则

    小黑屋|Archiver|手机版|香港易事泊讨论区论坛 - bbs.hkesp.com    

    © 2001-2013 Comsenz Inc.All Rights Reserved.

    Powered by Discuz! X3.2

    快速回复 返回顶部 返回列表