[Pkg-freeradius-maintainers] Bug#797181: freeradius: packaging 3.0.x

Markus Wigge markus at cultcom.de
Wed Oct 26 08:24:52 UTC 2016


First of all: thanks for your great work.

Now the feedback:
I built the freeradius 3.0.12 packages for jessie on my own based on
your experimental sources.
Overall that worked fine, but I needed the debhelper bpo-version.

The configuration looks unfamiliar, but that is, I suppose, normal for a
major release change, and it is well documented upstream.

What I am still urgently missing is a working reference documentation on
how to use ntlm_auth with freeradius.

The samba folks changed the winbindd_privileged socket to 750 so
changing the group on the folder does not change a lot as the group is
not allowed to write to the socket.

My current solution is an additional sudoers entry like this:
~# cat /etc/sudoers.d/freerad

# allow freeradius to access private winbind socket
freerad	ALL=(root) NOPASSWD: /usr/bin/ntlm_auth

And then I prepend "sudo" within the mschap module to the ntlm call.

Tell me if you prefer other solutions like SUID/SGID bits or something.
Changing the socket permissions does not work as they are restored on a
winbindd restart.

But freeradius is not the only software depending on ntlm_auth, so this
should be documented somewhere popular.

The LDAP-Group problems I encountered using 2.x releases are gone so
far, so that I need to stick with 3.x for production use.

So from my point: thumbs up for 3.x packages. Please try to get them into
the official jessie-backports, I'd be glad.

