http://bugzilla.opensuse.org/show_bug.cgi?id=912714
David Disseldorp changed:
What  |Removed |Added
----------------------------------------------------------------------------
CC    |        |ddiss@suse.com, fabian@ritter-vogt.de
Flags |        |needinfo?(fabian@ritter-vogt.de)
--- Comment #1 from David Disseldorp ---
Thanks for the report Fabian.
The FreeRADIUS AD integration guide at
http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOW...
outlines how to provide radiusd access to the winbindd_privileged directory:
===
When called by radiusd (thus directly setting the challenge value) the
ntlm_auth program needs permission to access winbindd's winbindd_privileged
directory (somewhere under /var). Read access will usually be sufficient.
The radiusd.conf file sets the uid and gid your radiusd process will run as (by
the user and group directives, respectively). The ntlm_auth process will have
the same identity. If your filesystem containing the winbindd_privileged
directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary
permissions, in case your distribution's default settings were insufficient. If
radiusd runs as the user radiusd for example, then you should use setfacl the
following way
setfacl -m u:radiusd:rx winbindd_privileged
===
Does this allow you to use ntlm_auth under FreeRADIUS without setuid?
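Added example, not part of the original comment or the FreeRADIUS guide: a check that the named-user ACL entry set by the setfacl command above is still effective, since a POSIX ACL mask limits what a named-user entry actually grants. The function names and both getfacl outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective rights of a named user from `getfacl` text output.

# Constructed sample: ACL right after `setfacl -m u:radiusd:rx winbindd_privileged`.
ACL_GRANTED='# file: winbindd_privileged
# owner: root
# group: root
user::rwx
user:radiusd:r-x
group::r-x
mask::r-x
other::---'

# Constructed sample: same entry, but the mask was later cleared.
ACL_MASKED='# file: winbindd_privileged
# owner: root
# group: root
user::rwx
user:radiusd:r-x	#effective:---
group::r-x	#effective:---
mask::---
other::---'

# Print the effective rwx string for named user $1; getfacl output on stdin.
# Exit status 1 when the user has no named entry.
acl_user_effective() {
    awk -F: -v user="$1" '
        /^#/ || NF < 3 { next }                 # skip header and blank lines
        { sub(/[ \t]*#.*/, "", $3) }            # drop trailing "#effective:" note
        $1 == "user" && $2 == user { entry = $3 }
        $1 == "mask" { mask = $3 }
        END {
            if (entry == "") exit 1
            for (i = 1; i <= 3; i++) {          # effective = entry AND mask
                e = substr(entry, i, 1)
                m = (mask == "") ? e : substr(mask, i, 1)
                out = out ((e != "-" && m != "-") ? e : "-")
            }
            print out
        }'
}

# Succeed only if user $1 can both read and enter the directory.
acl_user_has_rx() {
    case "$(acl_user_effective "$1")" in r?x) return 0 ;; *) return 1 ;; esac
}

for acl in "$ACL_GRANTED" "$ACL_MASKED"; do
    if printf '%s\n' "$acl" | acl_user_has_rx radiusd
    then echo "radiusd: rx effective"; else echo "radiusd: no effective rx"; fi
done
```

On a live system the input would come from `getfacl winbindd_privileged | acl_user_has_rx radiusd`, run in the directory that contains winbindd_privileged.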