Il 03/04/2012 11:05, Andres Septer ha scritto:
> I have working radius - AD authentication via winbind (MSCHAP
> challnge-response).
> But I do not want to give all domain users ability to use VPN. I want to use
> special AD group.
[...]
> Any suggestions of documentation that will help, would be appriciated.
>From "man ntlm_auth":
> --require-membership-of={SID|Name}
> Require that a user be a member of specified group (either name or
> SID) for authentication to succeed.
Just change your call to ntlm_auth accordingly. Should be faster if you
specify SID (one less 'internal lookup').
HIH,
Diego.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
