On 03/04/2012 11:05, Andres Septer wrote:
> I have working radius - AD authentication via winbind (MSCHAP
> challenge-response).
> But I do not want to give all domain users ability to use VPN. I want to use
> special AD group.
[...]
> Any suggestions of documentation that will help, would be appreciated.

From "man ntlm_auth":
> --require-membership-of={SID|Name}
>     Require that a user be a member of specified group (either name or
>     SID) for authentication to succeed.

Just change your call to ntlm_auth accordingly.
Should be faster if you specify SID (one less 'internal lookup').

HIH,
Diego.
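
The change described in the reply above, shown as an added example that is not part of the original thread: the `ntlm_auth` line of the FreeRADIUS `mschap` module before and after restricting VPN access to one AD group. The binary path, the domain `EXAMPLE`, the group `VPN Users` and the SID are assumptions or placeholders; the poster's actual configuration is not shown in the thread.

```conf
# mschap module section of the FreeRADIUS configuration (assumed layout).

mschap {
    # BEFORE: any account that winbind can authenticate is accepted,
    # so every domain user can bring up the VPN.
    #
    # ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key \
    #     --username=%{mschap:User-Name:-None} \
    #     --challenge=%{mschap:Challenge:-00} \
    #     --nt-response=%{mschap:NT-Response:-00}"

    # AFTER: ntlm_auth itself fails the request unless the user is a
    # member of the named group, so the MS-CHAP exchange is rejected
    # for everyone else.
    #
    # The SID below is a PLACEHOLDER. Look up the real one on the
    # RADIUS host with winbind's own tool, for a hypothetical group
    # "VPN Users" in a hypothetical domain EXAMPLE:
    #
    #     wbinfo -n 'EXAMPLE\VPN Users'
    #
    # Giving the SID rather than the name saves the name-to-SID lookup
    # mentioned in the reply, and avoids having to quote a group name
    # that contains a space or backslash inside this double-quoted
    # string.
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key \
        --username=%{mschap:User-Name:-None} \
        --challenge=%{mschap:Challenge:-00} \
        --nt-response=%{mschap:NT-Response:-00} \
        --require-membership-of=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX"
}
```

After reloading the server, test with one account inside the group and one outside it; the second must be rejected even though its password is correct.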