查看: 1866|回复: 1

FreeRADIUS Active Directory Integration HOWTO

[复制链接]
  • TA的每日心情
    开心
    2016-5-12 14:23
  • 签到天数: 2 天

    [LV.1]初来乍到

    发表于 2014-3-3 14:35:34 | 显示全部楼层 |阅读模式
    設立Active Directory聯合FreeRadius驗證服務的叁考資料
    1 o2 V+ f7 ]6 g1 A( z4 ?1 i5 C- x2 i
    4 B5 }, f+ m7 e/ M8 Z, uhttp://wiki.freeradius.org/guide ... y-Integration-HOWTO
    9 S- U, P1 Q; n: E" h3 n0 d( {) Z
    回复

    使用道具 举报

  • TA的每日心情
    开心
    2016-5-12 14:23
  • 签到天数: 2 天

    [LV.1]初来乍到

     楼主| 发表于 2014-3-3 14:36:43 | 显示全部楼层
    WARNING!!!( T! H, L' I3 N" N8 Y; t; n+ G

    - E+ l, t% p# W8 \8 \When called by radiusd (thus directly setting the challenge value) the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). Read access will usually be sufficient.
    / {# A* j0 i  d% U! L# l+ }' i* V% \, }
    The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If your filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your disribution's default setting were insufficient. If radiusd runs as the user radiusd for example, then you should use setfacl the following way
    & ^% M( E3 X+ L  Z0 d; ^( O5 }" Q: O& J& J% d' ]4 M4 s3 U/ O
    setfacl -m u:radiusd:rx winbindd_privileged
    1 }7 a# N' G# f$ a. v+ i4 d
    * v4 u2 z1 Z% QOr something similar. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl for more information on POSIX ACLs!# b- H: {1 o" d6 M- N3 j
    回复 支持 反对

    使用道具 举报

    您需要登录后才可以回帖 登录 | 立即注册

    本版积分规则

    小黑屋|Archiver|手机版|香港易事泊讨论区论坛 - bbs.hkesp.com    

    © 2001-2013 Comsenz Inc.All Rights Reserved.

    Powered by Discuz! X3.2

    快速回复 返回顶部 返回列表