On Tue, 2012-10-30 at 16:27 +0530, Prateek Kumar wrote: > Hi, > I am using samba 3.2.2 with freeradius . I have joined the domain & > able to authenticate users with ntlm_auth. > > If in ADS-2003 I configure the Remote Access Permission for the user ( > User-properties->Dial-in ) as Deny then if I use the "ntlm_auth > --username=user --password=password" I get NT_STATUS_OK. What could be the > reason for this behavior , or is there any patch for this? > > Also if I use windows server's radius server than I am not able to connect > my user be NT_STATUS_OKcause access is denied for that user.
There is nothing that ntlm_auth does to indicate to the DC that this is for a remote access server, compared with say, Squid or a CIFS login. That's why it doesn't fail. Perhaps the --require-membership-of option might help, but I don't know what that particular GUI option sets. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba