Re: inactive users can authenticate

2013-06-28 Thread Phil Mayers
On 28/06/13 17:31, Mathieu Simon wrote: The result was same when using radtest with "-t mschap" if that's what you're pointing out. Interesting. I would not have expected that.

Re: inactive users can authenticate

2013-06-28 Thread Mathieu Simon
G'day all I've taken out a configuration from an earlier prototype that I used with Samba/Winbind authentication but didn't use the rlm_ldap for authorization back then. (Having some archives can be quite useful sometimes...) ;-) Since ntlm_auth properly leads to Access-Rejects for disabled users

Re: inactive users can authenticate

2013-06-28 Thread Phil Mayers
On 28/06/13 14:03, Arran Cudbard-Bell wrote: On 28 Jun 2013, at 11:50, Phil Mayers wrote: On 28/06/13 08:14, Mathieu Simon wrote: Second, I can't remember if mschap checks the acct control flags in "authorize" or "authenticate". If the latter you'll need to move away from using LDAP bind fo

Re: inactive users can authenticate

2013-06-28 Thread Arran Cudbard-Bell
On 28 Jun 2013, at 11:50, Phil Mayers wrote: > On 28/06/13 08:14, Mathieu Simon wrote: > >>> Second, I can't remember if mschap checks the acct control flags in >>> "authorize" >>> or "authenticate". If the latter you'll need to move away from using LDAP >>> bind for auth >> Hmm, I guess that

Re: inactive users can authenticate

2013-06-28 Thread Phil Mayers
On 28/06/13 08:14, Mathieu Simon wrote: Second, I can't remember if mschap checks the acct control flags in "authorize" or "authenticate". If the latter you'll need to move away from using LDAP bind for auth Hmm, I guess that would require me studying the code :-\ I've just taken a look - su

Re: inactive users can authenticate

2013-06-28 Thread Arran Cudbard-Bell
On 28 Jun 2013, at 10:45, Michael Rigoni wrote: > I had a quick look at the output you sent, and I see this: > base_filter = "(sambaAcctFlags=[U ]" > Seems like you are missing a closing bracket... but that should have > triggered an error, so I looked at rlm_ldap source, and it see

Re: inactive users can authenticate

2013-06-28 Thread Michael Rigoni
I had a quick look at the output you sent, and I see this: > base_filter = "*(*sambaAcctFlags=[U ]" > Seems like you are missing a closing bracket... but that should have triggered an error, so I looked at rlm_ldap source, and it seems base filter is only used for the "profile user" wha

Re: inactive users can authenticate

2013-06-28 Thread Mathieu Simon
G'day all, and thanks Phil for your hints (Arran I'd want to leave 3.0 as an option of last resort even though it's considered RC by now) ;-) > try moving mschap after LDAP in "authorise" Tried this one, no change unfortunately. >Second, I can't remember if mschap checks the acct control flags i

Re: inactive users can authenticate

2013-06-26 Thread Phil Mayers
Couple of things: IIRC the account control flags are checked by the "mschap" module, which I see is running before the LDAP lookup - try moving mschap after LDAP in "authorise" Second, I can't remember if mschap checks the acct control flags in "authorize" or "authenticate". If the latter you'l

Re: inactive users can authenticate

2013-06-26 Thread Arran Cudbard-Bell
On 26 Jun 2013, at 16:49, Mathieu Simon wrote: > G'day all > > I've been working with Mihailo on this matter although he's been more into it > I try to provide the data you ask for: > > Prelude: > A Samba-disabled user has the following sambaAcctFlags in the LDAP Directory > during an ldapsea

Re: inactive users can authenticate

2013-06-26 Thread Matt Zagrabelny
On Wed, Jun 26, 2013 at 9:27 AM, Alan DeKok wrote: > Mihajlo Joksimovic wrote: >> I have an up-to-date Debian derivative with samba4. >> The base_filter rule in the modules/ldap file is not accepted. There I >> gave sambaacctflags but nothing happens. Still all users get accepted. >> In Base_filter I

Re: inactive users can authenticate

2013-06-26 Thread Alan DeKok
Mihajlo Joksimovic wrote: > I have an up-to-date Debian derivative with samba4. > The base_filter rule in the modules/ldap file is not accepted. There I > gave sambaacctflags but nothing happens. Still all users get accepted. > In Base_filter I can write what I want, it always like skips this point. >

inactive users can authenticate

2013-06-26 Thread Mihajlo Joksimovic
Hi there, I have an up-to-date Debian derivative with samba4. The base_filter rule in the modules/ldap file is not accepted. There I gave sambaacctflags but nothing happens. Still all users get accepted. In Base_filter I can write what I want, it always like skips this point. So everyone can login, al